3 Web Services Custom WLST Commands
Note:
Only a subset of the custom WLST commands described in this chapter are supported for Java EE web services.
A subset of WLST commands have been deprecated for Oracle Infrastructure web services and clients. For a complete list of deprecated commands, see Deprecated Commands for Oracle Infrastructure Web Services in Release Notes for Oracle Fusion Middleware Infrastructure.
For additional details about using these WLST commands for web services, see the following documents:
Note:
To use the Web Services custom WLST commands, you must invoke WLST from the Oracle Common home directory. See Using Custom WLST Commands in Administering Oracle Fusion Middleware.
To display the help for the web service and client management and Java EE web service policy management commands, connect to a running instance of the server and enter help('WebServices')
.
To display the help for the remaining commands, connect to a running instance of the server and enter help('wsmManage')
.
This chapter contains the following topics:
- Overview of Web Services WLST Commands
- Offline Commands
Execution of offline OWSM WLST is supported. The OWSM commands which we want to run offline must be wrapped betweenstartWSMOfflineMode
andendWSMOfflineMode
commands. - Session Commands
- Policy Subject Commands
- Configuration Commands
- Diagnostic Commands
- Web Service and Client Management Commands
- Policy Management Commands
- Policy Set Management Commands
- OWSM Repository Management Commands
- Token Issuer Trust Configuration Commands
- Secure Conversation Session Management Commands
- JKS Keystore Configuration Commands
Overview of Web Services WLST Commands
You can use the web services WLST commands, in online mode, to:
-
Perform web service configuration and OWSM policy management tasks.
-
Manage the OWSM repository.
-
Check the status of OWSM components.
-
View and define trusted issuers and DN lists for SAML signing certificates.
Note:
Ensure that the user is mapped to the appropriate OWSM logical roles, based on the WLST operations you wish to perform. For more information, see "Modifying the User's Group or Role" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
The web services WLST configuration and policy management commands perform many of the same management functions that you can complete using Fusion Middleware Control, such as managing deployed, active, and running web services applications. They can be executed everywhere in WLST online mode, for example:
wls:/domain/serverConfig wls:/domain/domainRuntime
The following sections provide more information about using the WLST commands:
- Specifying Application, Composite, and Service Names
- Identifying the Policy Subject
- Web Services WLST Command Categories
Parent topic: Web Services Custom WLST Commands
Specifying Application, Composite, and Service Names
The web service WLST commands configure a web service for a specific application. Therefore, the application path name has to uniquely identify the application and the server instance to which it is deployed.
The following sections describe how to specify the application and service names to uniquely identify the web service.
Specifying a Web Service Application Name
To specify a web service application in a WLST command, use the following format:
[/domain/server/]application[#version_number]
Parameters shown in brackets []
are optional. The following examples show the sample format for a web service application name:
/base_domain/AdminServer/HelloWorld#1_0 /base_domain/server1/HelloWorld#1_0
If there is only one deployed instance of an application in a domain, you may omit the domain/server
parameter, as shown in the following example:
HelloWorld#1_0
In all other instances, the domain/server
parameter is required. If it is not specified and WLST finds more than one deployment of the same application on different servers in the domain, you are prompted to specify the domain and the server names.
Web service and web service client applications are deployed directly to WebLogic Server server instances. Each application is managed separately. For example, if the application myapp
is deployed to both the AdminServer
and server1
instances in the domain mydomain
, then you need to issue configuration commands to each of the servers using the appropriate application path name:
/mydomain/AdminServer/myapp#1_0 /mydomain/server1/myapp#1_0
Specifying a Service Name
When there are multiple versions (namespaces) of a web service name for Web Service and Web Service clients, you must specify the namespace and the service name using the following format:
{http://namespace/}serviceName
Note the following:
-
For web service and client management commands, and policy management commands, you do not need to enter the namespace if there is only one service name qualified. If there are multiple versions of the service and you do not specify the namespace with the service name, an exception is thrown.
-
The namespace (
{http://namespace/}
) should not be included for a SOA composite. -
For policy set management commands, both the namespace and service name are required for Web Service and Web Service Client (ws-service and ws-client) resource types.
For more information, see "Determining the Namespace for a Web Service" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
Parent topic: Overview of Web Services WLST Commands
Identifying the Policy Subject
You can navigate to a policy subject in WLST, without having to refer to Fusion Middleware Control or the WSM-Console. By using the selectWSMPolicySubject command, together with an understanding of the navigation model, you can discover the application, assembly, and subject names by moving down the hierarchy tree. An assembly uniquely identifies a module within an application, for example a .war file.
Selecting the Application
You can select a specific application for modification if an application name is provided.
If you know only a part of the application name, the argument can be a pattern containing wildcard characters. In this case, all of the applications matching that pattern will be listed. You can then select that application to proceed further. If no argument is provided then all application names will be listed.
When the application name is known
If you know the name of the application, enter it as the argument to selectWSMPolicySubject
command. WLST responds with the names of the assemblies contained in the application.
In the following example, jaxwsejb30ws
is entered as the name of the application. WLST responds with #jaxwsejb
, the name of the assembly contained in the application.
wls:/base_domain/serverConfig> selectWSMPolicySubject('jaxwsejb30ws') #jaxwsejb Select any of the assembly name to proceed.
When only a part of the application name is known
If you know only a part of the application name, you can enter a pattern with wildcard characters. In the following example, jax*
is entered as the name of the application in the selectWSMPolicySubject
command. WLST responds with a list of applications that match the string.
wls:/base_domain/serverConfig> selectWSMPolicySubject('jax*') jaxws_provider jaxwsejb30ws Select any of the application name to proceed. wls:/jrfServer_domain/serverConfig> selectWSMPolicySubject('jaxwsejb30ws') #jaxws3jb Select any of the assembly name to proceed
When the application name is not known
If you do not know the name of the application, enter the selectWSMPolicySubject
command with no arguments. WLST responds with the names of all applications known to the system. In the following example, the selectWSMPolicySubject
command is entered with no arguments. WLST responds with the names of all applications known to the system.
wls:/base_domain/serverConfig> selectWSMPolicySubject() SimpleRestApp jaxws_provider jaxwsejb30ws wsm-pm Select any of the application name to proceed. wls:/jrfServer_domain/serverConfig> selectWSMPolicySubject('jaxwsejb30ws') #jaxws3jb Select any of the assembly name to proceed
Selecting the Assembly
You can select a specific assembly for modification if an application name and assembly name is provided.
If you know only a part of the assembly name, the argument can be a pattern containing wildcard characters. In this case, all of the assemblies matching that pattern will be listed. You can then select an assembly to proceed further. If no argument is provided then all assembly names will be listed.
Note:
For ws-connection type policy subjects, use an empty string ''
for the assembly name.
When the assembly name is known
If you know the name of the assembly, enter it with the application name as arguments to the selectWSMPolicySubject
command. WLST responds with the names of the subjects contained in the assembly. In the following example, jaxwsejb30ws
is entered as the name of the application and #jaxwsejb
is entered as the name of the assembly. WLST responds with a list of all of the subjects contained in the assembly.
wls:/base_domain/serverConfig> selectWSMPolicySubject ('jaxwsejb30ws','#jaxwsejb') WS-SERVICE({http://mycompany.com/targetNamespace}EchoEJBService#EchoEJBServicePort) WS-SERVICE({http://mycompany.com/jaxws/tests/concrete}WsdlConcreteService#WsdlConcretePort) WS-SERVICE({http://mycompany.com/jaxws/tests}CalculatorService#CalculatorPort)
WS-SERVICE({http://soapinterop.org/DoclitWrapperWTJ}DoclitWrapperWTJService#DoclitWrapperWTJPort)
WS-SERVICE({http://j2ee.tests.ejb.impl/}JaxwsWithHandlerChainBeanService#JaxwsWithHandlerChainBeanPort) Select any of the subject name to proceed.
When only a part of the assembly name is known
If you know only a part of the assembly name, you can enter a pattern with wildcard characters. In the following example, #jaxws*
is entered as the partial name of the assembly and jaxwsejb30ws
is entered as the name of the application in the selectWSMPolicySubject
command. WLST responds with #jaxwsejb
, the name of the assembly contained in the application.
wls:/base_domain/serverConfig> selectWSMPolicySubject('jaxwsejb30ws','#jaxws*') #jaxwsejb Select any of the assembly name to proceed. wls:/base_domain/serverConfig> selectWSMPolicySubject ('jaxwsejb30ws','#jaxwsejb') WS-SERVICE({http://mycompany.com/targetNamespace}EchoEJBService#EchoEJBServicePort) WS-SERVICE({http://mycompany.com/jaxws/tests/concrete}WsdlConcreteService#WsdlConcretePort) WS-SERVICE({http://mycompany.com/jaxws/tests}CalculatorService#CalculatorPort)
WS-SERVICE({http://soapinterop.org/DoclitWrapperWTJ}DoclitWrapperWTJService#DoclitWrapperWTJPort)
WS-SERVICE({http://j2ee.tests.ejb.impl/}JaxwsWithHandlerChainBeanService#JaxwsWithHandlerChainBeanPort) Select any of the subject name to proceed.
When the assembly name is not known
If you do not know the name of the assembly, enter the name of the application only as an argument to selectWSMPolicySubject
. WLST responds with the names of all assemblies known to the system. In the following example, jaxwsejb30ws
is entered as the name of the application as an argument in selectWSMPolicySubject
command. WLST responds with the names of all assemblies known to the system.
wls:/base_domain/serverConfig> selectWSMPolicySubject('jaxwsejb30ws') #jaxwsejb Select any of the assembly name to proceed.
Selecting the Subject
You can select a specific policy subject for modification if an application name, assembly name, and policy subject name is provided.
If you know only a part of the policy subject name, the argument can be a pattern containing wildcard characters. In this case, all of the policy subjects matching that pattern will be listed. You can then select a policy subject to proceed further. If no argument is provided then all policy subject names will be listed.
When the policy subject name is known
If you know the name of the policy subject, enter it with the application name and the assembly name as arguments to the selectWSMPolicySubject
command. WLST selects the specified policy subject. In the following example, jaxwsejb30ws
is entered as the name of the application, #jaxwsejb
is entered as the name of the assembly, and WS-SERVICE({http://mycompany.com/jaxws/tests/concrete}WsdlConcreteService#WsdlConcretePort)
is entered as the name of the policy subject. WLST responds that the policy subject has been selected for modification.
wls:/base_domain/serverConfig> selectWSMPolicySubject ('jaxwsejb30ws','#jaxwsejb','WS-SERVICE({http://mycompany.com/jaxws/tests/concrete}WsdlConcreteService#WsdlConcretePort)') The policy subject is selected for modification.
When only a part of the policy subject name is known
If you know only a part of the policy subject name, you can enter a pattern with wildcard characters. In the following example, jaxwsejb30ws
is entered as the name of the application, #jaxwsejb
is entered as the name of the assembly, and ws-service(*)
is entered as the name of the policy subject in the selectWSMPolicySubject
command. WLST responds with the name of the policy subjects contained in the assembly.
wls:/base_domain/serverConfig> selectWSMPolicySubject ('jaxwsejb30ws','#jaxwsejb', 'ws-service(*)') WS-SERVICE({http://mycompany.com/targetNamespace}EchoEJBService#EchoEJBServicePort) WS-SERVICE({http://mycompany.com/jaxws/tests/concrete}WsdlConcreteService#WsdlConcretePort) WS-SERVICE({http://mycompany.com/jaxws/tests}CalculatorService#CalculatorPort)
WS-SERVICE({http://soapinterop.org/DoclitWrapperWTJ}DoclitWrapperWTJService#DoclitWrapperWTJPort)
WS-SERVICE({http://j2ee.tests.ejb.impl/}JaxwsWithHandlerChainBeanService#JaxwsWithHandlerChainBeanPort) Select any of the subject name to proceed.
When the policy subject name is not known
If you do not know the name of the policy subject, enter the name of the application, the name of the assembly as arguments to the selectWSMPolicySubject
command. WLST responds with the names of all policy subjects contained in the assembly. In the following example, jaxwsejb30ws
is entered as the name of the application, #jaxwsejb
as the name of the assembly, and None
as the policy subject argument in selectWSMPolicySubject
command. WLST responds with the names of all policy subjects contained in the assembly.
wls:/base_domain/serverConfig> selectWSMPolicySubject ('jaxwsejb30ws','#jaxwsejb') WS-SERVICE({http://mycompany.com/targetNamespace}EchoEJBService#EchoEJBServicePort) WS-SERVICE({http://mycompany.com/jaxws/tests/concrete}WsdlConcreteService#WsdlConcretePort) WS-SERVICE({http://mycompany.com/jaxws/tests}CalculatorService#CalculatorPort)
WS-SERVICE({http://soapinterop.org/DoclitWrapperWTJ}DoclitWrapperWTJService#DoclitWrapperWTJPort)
WS-SERVICE({http://j2ee.tests.ejb.impl/}JaxwsWithHandlerChainBeanService#JaxwsWithHandlerChainBeanPort) Select any of the subject name to proceed.
Parent topic: Overview of Web Services WLST Commands
Web Services WLST Command Categories
Web services WLST commands are divided into the categories described in Table 3-1.
Table 3-1 Web Services WLST Command Categories
Command Category | Definition |
---|---|
Manage a session, which is required by some web service WLST commands, such as those that modify repository documents and policy subject commands, need to be executed in the context of a session. |
|
View and manage web service and web service client policy subjects. |
|
View and manage OWSM domain configuration information. |
|
Check the status of the WSM components that are required for proper functioning of the product. |
|
View and manage web services for the service and client. |
|
View and manage policy attachment for the service and client. These commands manage both direct policy attachments and global policy attachments in policy sets. |
|
View and manage globally available policy sets within sessions. |
|
Manage the OWSM repository with new predefined policies provided in the latest installation of the software, as well as import and export documents into and from the repository. |
|
View and define trusted issuers, trusted distinguished name (DN) lists, and token attribute rule filters for SAML signing certificates. |
|
View and manage JKS keystore credentials and certificates. |
Parent topic: Overview of Web Services WLST Commands
Offline Commands
Execution of offline OWSM WLST is supported. The OWSM commands which we want to run offline must be wrapped between startWSMOfflineMode
and endWSMOfflineMode
commands.
- startWSMOfflineMode
ThestartWSMOfflineMode
command starts the execution of offline OWSM WLST. - endWSMOfflineMode
TheendWSMOfflineMode
command ends the execution of offline OWSM WLST. - Example of Running WSM Commands in Offline Mode
The OWSM commands which you want to run offline must be wrapped between thestartWSMOfflineMode
andendWSMOfflineMode
commands.
Parent topic: Web Services Custom WLST Commands
startWSMOfflineMode
The startWSMOfflineMode
command starts the execution of offline OWSM WLST.
Description
It starts the execution of offline OWSM WLST.
Syntax
startWSMOfflineMode('<domain_absolute_path>')
domain_absolute_path
- Absolute path of weblogic domain where "wsm-pm" is installed.
Example
wls:/jrfServer_domain/serverConfig>startWSMOfflineMode('/ade/vkdwived_owsmpt/work/utp/testout/functional/owsm/wls-jrfServer')
Parent topic: Offline Commands
endWSMOfflineMode
The endWSMOfflineMode
command ends the execution of offline OWSM WLST.
Description
It ends the execution of offline OWSM WLST.
Syntax
endWSMOfflineMode()
Example
wls:/jrfServer_domain/serverConfig>endWSMOfflineMode()
Parent topic: Offline Commands
Example of Running WSM Commands in Offline Mode
The OWSM commands which you want to run offline must be wrapped between the startWSMOfflineMode
and endWSMOfflineMode
commands.
Description
This example shows how to create global PolicySet offline.
Example
sh wlst.sh wls:/jrfServer_domain/serverConfig>startWSMOfflineMode('/ade/vkdwived_owsmpt/work/utp/testout/functional/owsm/wls-jrfServer') Started offline mode. wls:/jrfServer_domain/serverConfig>beginWSMSession() Repository session begun. wls:/jrfServer_domain/serverConfig>createWSMPolicySet('all-domains-default-web-service-policies', 'ws-service', 'Domain("*")') Description defaulted to "Global policy attachments for Web Service Endpoint resources."The policy set was created successfully in the session. wls:/jrfServer_domain/serverConfig>setWSMPolicySetDescription('Default policies for web services in any domain') Description updated. wls:/jrfServer_domain/serverConfig>attachWSMPolicy('oracle/wss11_saml_or_username_token_with_message_protection_service_policy') Policy reference added. wls:/jrfServer_domain/serverConfig> displayWSMPolicySet() Policy Set Details: ------------------- Name: all-domains-default-web-service-policies Type of Resources: Web Service Endpoint Scope of Resources: Domain("*") Description: Default policies for web services in any domain Enabled: true Policy Reference: security : oracle/wss11_saml_or_username_token_with_message_protection_service_policy, enabled=true wls:/jrfServer_domain/serverConfig>validatePolicySet() The policy set all-domains-default-web-service-policies is valid. wls:/jrfServer_domain/serverConfig>commitWSMSession() The policy set all-domains-default-web-service-policies is valid. Creating policy set all-domains-default-web-service-policies in repository. Repository session committed successfully. wls:/jrfServer_domain/serverConfig>endWSMOfflineMode() Offline mode ended.
Parent topic: Offline Commands
Session Commands
Some web service WLST commands, such as those that modify repository documents and policy subject commands, need to be executed in the context of a session. Use the WLST commands listed in Table 3-2 to manage a session.
Table 3-2 Session Management WLST Commands
Use this command... | To... | Use with WLST... |
---|---|---|
Abort the current modification session, discarding any changes that were made during the session. |
Online |
|
Begin a session to modify a policy subject or the OWSM repository documents. |
Online |
|
Write the contents of the current session to the OWSM repository. |
Online |
|
Describe the contents of the current session. This will indicate either that the session is empty or list the name of the document that is being updated, along with the type of update (create, modify, or delete). |
Online |
Parent topic: Web Services Custom WLST Commands
abortWSMSession
Command Category: Session
Use with WLST: Online/offline
Description
Aborts the current modification session, discarding any changes that were made during the session. Messages are displayed that describe what was aborted. An error will be displayed if there is no current session.
Syntax
abortWSMSession([raiseError='true|false'])
raiseError - Optional. When set to ‘true’ it raises exception in case of known errors. When set to ‘false’ it returns a boolean false value in case of known errors. By default, it's set to 'true'.
Examples
The following example aborts the current OWSM session.
wls:/wls-domain/serverConfig>abortWSMSession()
Parent topic: Session Commands
beginWSMSession
Command Category: Session
Use with WLST: Online/offline
Description
Begins a session to modify a policy subject, such as a policy set or a Fusion Middleware web service endpoint. A session can act on a single policy subject only. If a session is already in progress, an error is displayed.
Syntax
beginWSMSession([raiseError='true|false'])
raiseError
- Optional. When set to true
, it raises exception in case of known errors. When set to false
, it returns a boolean false value in case of known errors. By default, it's set to true
.
Example
The following example begins an OWSM session.
wls:/wls-domain/serverConfig>beginWSMSession()
Parent topic: Session Commands
commitWSMSession
Command Category: Session
Use with WLST: Online/offline
Description
Persists the modifications made within the current session. Messages are displayed that describe what was committed. An error will be displayed if there is no current session.
Syntax
commitWSMSession([raiseError='true|false'])
raiseError
- Optional. When set to true
, it raises exception in case of known errors. When set to false
, it returns a boolean false value in case of known errors. By default, it's set to true
.
Example
The following example commits the current repository modification session.
wls:/wls-domain/serverConfig>commitWSMSession()
Parent topic: Session Commands
describeWSMSession
Command Category: Session
Use with WLST: Online/offline
Description
Describes the current session. For repository operations, it will either indicate that no actions have been performed in the session, or it will list the name of the document that is being updated, along with the type of update, such as create, modify, or delete. For policy subject operations, it will list the subject identifier.
If there is no current session, the following error is displayed:
No active session.
Syntax
describeWSMSession([raiseError='true|false'])
raiseError
- Optional. When set to true
, it raises exception in case of known errors. When set to false
, it returns a boolean false value in case of known errors. By default, it's set to true
.
Examples
The following example describes the current session.
wls:/wls-domain/serverConfig>describeWSMSession()
Parent topic: Session Commands
Policy Subject Commands
Use the WLST commands listed in Table 3-3 to view and manage web service and web service client policy subjects. For more information about policy subjects, see "Understanding Policy Subjects" in Understanding Oracle Web Services Manager.
Note:
For Java EE web services, no information is displayed. For information about viewing and modifying Java EE web service policy attachments, see Table 3-7.
Table 3-3 Policy Subject WLST Commands
Use this command... | To... | Use with WLST... |
---|---|---|
Display the configuration of effective policy set corresponding to a policy subject. |
Online |
|
List the policy subjects that match the specified application, assembly, and subject patterns. |
Online |
|
Displays the configuration of an effective policy set corresponding to a policy subject. The display will also include any changes made within the current session when it generates the effective policy set. |
Online |
|
List the resources that have been registered in the repository. |
Online |
|
Register or create a new resource instance that describes a physical resource within a session. |
Online |
|
Select the subject uniquely identified by application, assembly and subject for modification. |
Online |
|
Select the subject uniquely identified by resource, assembly and subject for modification in a third-party application environment. |
Online |
- displayWSMEffectivePolicySet
- listWSMPolicySubjects
- listWSMResources
- previewWSMEffectivePolicySet
- registerWSMResource
- selectWSMPolicySubject
- selectWSMResource
Parent topic: Web Services Custom WLST Commands
displayWSMEffectivePolicySet
Command Category: Policy Subject
Use with WLST: Online
Note:
This command is valid for Oracle Infrastructure web service and clients only. For Java EE web services, no information is displayed.
Description
Displays the configuration of the actual runtime policy set and global policy attachment information used at the time of policy enforcement. This policy set and global policy attachment information is stored within the policy subject.
You must start a session and select the policy subject (using selectWSMPolicySubject
) before initiating the command. If there is no current session and no policy subject selected, an error is displayed.
Compare this command with the displayWSMPolicySet
command, which displays only the selected global policy set or the selected local policy set, or with the previewWSMEffectivePolicySet
, which displays the effective policy set, including changes made to the actual runtime policy set, within the current session.
Syntax
displayWSMEffectivePolicySet([raiseError='true|false'])
raiseError
- Optional. When set to true
, it raises exception in case of known errors. When set to false
, it returns a boolean false value in case of known errors. By default, it's set to true
.
Examples
The following example for an Oracle Infrastructure web service lists that the policies, oracle/wss_username_token_service_policy
and oracle/log_policy
, are in effect at the time of enforcement.
wls:/jrfServer_domain/serverConfig> selectWSMPolicySubject('/weblogic/jrfServer_domain/jaxws-sut','#jaxws-sut-service','WS-SERVICE({http://service.jaxws.wsm.oracle/}TestService#TestPort)')
The policy subject is selected for modification.
wls:/jrfServer_domain/serverConfig> displayWSMEffectivePolicySet()
URI="oracle/http_basic_auth_over_ssl_service_policy", category=security, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
The policy subject is secure in this context.
See:
Parent topic: Policy Subject Commands
listWSMPolicySubjects
Command Category: Policy Subject
Use with WLST: Online
Description
Lists the policy subjects that match the specified application, assembly, and subject patterns. You can use the optional detail
argument to include effective policy set information in the output. The command does not require starting a session.
Syntax
listWSMPolicySubjects([application=None],[assembly=None],[subject=None],[detail='false'], [raiseError='true|false'])
Argument | Definition |
---|---|
|
Optional. Pattern identifying applications. |
|
Optional. Pattern identifying assemblies. |
|
Optional. Pattern identifying subjects. |
|
Optional. Specifies whether to include effective policy set information in the output. The default value is For each directly attached policy, the |
|
Optional. When set to |
To simplify searching for a particular subject, the application
, assembly
, or subject
argument can specify a pattern containing the wildcard character (*
). In this case, all the subjects matching that pattern will be listed.
Examples
The following invocation of the listWSMPolicySubjects
command with detail='true'
returns the application, assembly, and subject information for all subjects being managed in the entire domain
Note that the local.policy.reference.source
configuration property is provided for the directly attached policy identifying its source as LOCAL_ATTACHMENT
, indicating that it was attached using either Fusion Middleware Control or WLST.
wls:/base_domain/serverConfig> listWSMPolicySubjects(detail='true')
Application: /weblogic/base_domain/jaxwsejb30ws
Assembly: #jaxwsejb
Subject: WS-SERVICE({http://mycompany.com/targetNamespace}EchoEJBService#EchoEJBServicePort)
Context : no constraint
URI="oracle/wss_username_token_service_policy", category=security,
policy-status=enabled; source=global policy set "username", scope="DOMAIN('*')"; reference-status=enabled; effective=true
URI="oracle/mex_request_processing_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
URI="oracle/mtom_encode_fault_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
URI="oracle/max_request_size_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
Property name="max.request.size", value="-1"
URI="oracle/request_processing_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
URI="oracle/soap_request_processing_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
URI="oracle/ws_logging_level_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
Property name="logging.level", value=""
Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
URI="oracle/test_page_processing_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
URI="oracle/wsdl_request_processing_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
Property name="local.policy.reference.source", value="IMPLIED_FEATURE"
The policy subject is secure in this context.
...
Invoking the listWSMPolicySubjects
command with ('jax*')
as the argument returns all subjects in applications that begin with jax
; in our example, all subjects belonging to the jaxwsejb30ws
application:
wls:/base_domain/serverConfig> listWSMPolicySubjects('jax*')
Application: /weblogic/base_domain/jaxwsejb30ws
Assembly: #jaxwsejb
Subject: WS-SERVICE({http://mycompany.com/targetNamespace}EchoEJBService#EchoEJBServicePort)
Subject: WS-SERVICE({http://mycompany.com/jaxws/tests/concrete}WsdlConcreteService#WsdlConcretePort)
Subject: WS-SERVICE({http://mycompany.com/jaxws/tests}CalculatorService#CalculatorPort)
The following command returns all RESTful resource subjects in all applications. If there are no RESTful resources in an application, the following message is returned: Subject: No matching subject found for "REST*"
wls:/base_domain/serverConfig> listWSMPolicySubjects(subject='REST*')
Application: /weblogic/base_domain/jaxrs_pack1
Assembly: #jaxrs_pack1.war
Subject: REST-Resource(Jersey)
Application: /weblogic/base_domain/jaxwsejb30ws
Assembly: #jaxwsejb
Subject: No matching subject found for "REST*".
Application: /weblogic/base_domain/soa-infra
Assembly: #integration/services/RuntimeConfigService
Subject: REST-Resource(oracle.bpm.rest.webapp.BPMApplication)
See:
Parent topic: Policy Subject Commands
listWSMResources
Command Category: Repository
Use with WLST: Online
Description
Lists the resources that have been registered in the repository. This command also displays the resource that is being created, modified, or deleted within the current session. You can list all the resources or limit the display using the optional arguments.
Syntax
listWSMResources([resourceType=None],[resourceName=None])
Argument | Definition |
---|---|
|
Optional. Specifies the type of resource. If no value is specified, then all the resource instances stored in the repository will be listed. |
|
Optional. Name of the resource. The value can be omitted to list all the resources or it can also use wildcards to limit resource matching. |
Any of the values listed in the preceding table can contain following wildcard characters to allow for multiple matches.
Character | Description |
---|---|
|
The percent character can be used in a value to match any number of characters. |
|
The underscore character can be used in a value to match a single character. |
|
The back-slash character can be used in a value to escape a wildcard character. |
Following are examples of the listWSMResources command that use wildcards:
listWSMResources('application','%App%') listWSMResources('resourcename','my_%') listWSMResources()
Parent topic: Policy Subject Commands
previewWSMEffectivePolicySet
Command Category: Policy Subject
Use with WLST: Online
Description
Displays the configuration of the effective policy set corresponding to the policy subject. The display will also include any changes made within current session when it generates the effective policy set.
You must start a session and select the policy subject (using selectWSMPolicySubject
) before initiating the command. An error will display if no policy subject is selected.
Syntax
previewWSMEffectivePolicySet([raiseError='true|false'])
raiseError
- Optional. When set to true
, it raises exception in case of known errors. When set to false
, it returns a boolean false value in case of known errors. By default, it's set to true
.
Examples
wls:/wls-domain/serverConfig>previewWSMEffectivePolicySet()
See:
Parent topic: Policy Subject Commands
registerWSMResource
Command Category: Repository
Use with WLST: Online
Description
Within a session, registers or creates a new resource instance that describes a physical resource, such as an application server, or register a sub-resource within the created resource instance. The resource instance will be used to store information describing the logical structure of the resource. The sub-resource will hold information about the client and service ports of a resource instance. Issuing this command outside of a session will result in an error.
Syntax
registerWSMResource(resource, [assembly=None], [subject=None])
Argument | Description |
---|---|
resource |
Name of existing resource instance. This is a combination of platform name, domain name, and logical name, separated by a forward slash. |
assembly |
Name of assembly used to identify a sub-resource within a resource instance. This is the combination of module type and module name, separated by a hash character. |
subject |
Name of the subject identifying the sub-resource. This is a combination of sub-resource type; that is, either "server" or "client" and service, or reference name and port name, separated by a hash character. |
Examples
The following example registers the IBM WebSphere platform application WAS/base_cell/myApplication
.
wls:/jrfServer_domain/serverConfig> registerWSMResource (‘WAS/base_cell/myApplication')
The following example registers the IBM WebSphere platform domain WAS/base_cell
.
wls:/jrfServer_domain/serverConfig> registerWSMResource ('WAS/base_cell')
The following example registers the StockQuoteServicePort endpoint that resides on the IBM WebSphere platform in the application /WAS/base_cell/myApplication
.
wls:/jrfServer_domain/serverConfig> registerWSMResource (‘/WAS/base_cell/myApplication', ‘web# myModule', ‘service(StockQuoteService# StockQuoteServicePort)')
Parent topic: Policy Subject Commands
selectWSMPolicySubject
Command Category: Policy Subject
Use with WLST: Online
Description
Within a session, selects a policy subject for modification. You uniquely specify a policy subject by the application, assembly, and policy subject name. Once selected, the policy management commands can be used to modify the directly attached policy set for the policy subject.
You must start a session (beginWSMSession
) before performing any policy management edits or policy set transactions. You must also select the policy subject that you want to modify before issuing policy management commands. If there is no current session or there is already an existing modification process, an error is displayed.
Syntax
selectWSMPolicySubject([application=None],[assembly=None],[subject=None], [raiseError='true|false'])
Argument | Description |
---|---|
application |
Name of the application. |
assembly |
Name of the assembly. Uniquely identifies the module within an application. |
subject |
Name of the policy subject. |
|
Optional. When set to |
Note:
Any of the three arguments can specify a pattern containing wildcard character "*". In this case, all the names matching that pattern will be listed. You need to select the name uniquely identifying the subject. The pattern can be specified only for the last unknown entity.
Examples
The following example selects the TestService#TestPort
port in the jaxws-sut-service
module (assembly) that belongs to the jaxws-sut
application.
wls:/jrfServer_domain/serverConfig> selectWSMPolicySubject
('/weblogic/jrfServer_domain/jaxws-sut','#jaxws-sut-service','WS-SERVICE({http://service.jaxws.wsm.oracle/}TestService#TestPort)')
The policy subject is selected for modification.
The following example selects the jersey
RESTful resource in the #restservice
module (assembly) that belongs to the helloworld
application.
wls:/jrfServer_domain/serverConfig> selectWSMPolicySubject
('helloworld','#restservice','REST-Resource(Jersey)')
The policy subject is selected for modification.
See:
Parent topic: Policy Subject Commands
selectWSMResource
Command Category: Repository
Use with WLST: Online
Description
Within a session, selects a resource instance that describes a physical resource, such as a third-party application server, for modification. The command can also be used to select a particular sub-resource contained within the resource instance for modification. Once a resource instance is selected, then sub-resources within it can be added, removed or modified. Issuing this command outside of a session will result in an error.
You must start a session (beginWSMSession
) before performing any policy management edits or policy set transactions. You must also select the resource subject that you want to modify before issuing policy management commands.
Syntax
selectWSMResource([resource=None], [assembly=None], [subject=None])
Arguments | Description |
---|---|
resource |
Name of existing resource instance. This is a combination of platform name, domain name, and logical name of the resource instance, separated by a forward slash. |
assembly |
Name of assembly used to identify a sub-resource within a resource instance. This is the combination of module type and module name, separated by a hash character. |
subject |
Name of the subject identifying the sub-resource. This is a combination of a sub-resource type. For example, either "server" or "client" and service, or reference name and port name, separated by a hash character. |
Note:
Any of the three arguments can specify a pattern containing a wildcard character "*". In this case, all the names matching that pattern will be listed. Therefore, you need to select the name uniquely identifying the subject. The pattern can be specified only for the last unknown entity.
Examples
The following example uses the *
wildcard to select all applications in the base_domain
on the IBM WebSphere application server.
wls:/jrfServer_domain/serverConfig> selectWSMResource('/WAS/base_cell/*Application')
The following example uses the *
wildcard to specify all sub-modules of the WEB module that reside on the IBM WebSphere platform in the application /WAS/base_cell/myApplication
.
wls:/jrfServer_domain/serverConfig> selectWSMResource('/WAS/base_cell/myApplication','WEB#*Mod')
The following example uses *
wildcards to specify all service ports connected to the WEB/myMod
sub-resource that resides on the IBM WebSphere platform in the application /WAS/base_cell/myApplication
.
wls:/jrfServer_domain/serverConfig> selectWSMResource('/WAS/base_cell/myApplication','WEB#myMod', 'service(*Service#*Port)')
The following example selects the StockQuoteServicePort endpoint connected to the WEB/myMod
sub-resource the resides on the IBM WebSphere platform in the application /WAS/base_cell/myApplication
.
wls:/jrfServer_domain/serverConfig> selectWSMResource (‘/WAS/base_cell/myApplication', ‘WEB#myModule', ‘service(StockQuoteService# StockQuoteServicePort)')
Parent topic: Policy Subject Commands
Configuration Commands
Use the WLST commands listed in Table 3-4 to view and configure the OWSM domain.
Note:
The setConfiguration
command has been deprecated. It is recommended that you use the setWSMConfiguration
command described in "setWSMConfiguration".
Table 3-4 OWSM Environment WLST Commands
Use this command... | To... | Use with WLST... |
---|---|---|
Set the keystore configuration properties. |
Online |
|
Display the full configuration properties and their values and groups for the specified product. |
Online |
|
Set the configuration properties of the specified product. |
Online |
|
Set the value for the fields of a resource or its structural components. |
Online |
- configureWSMKeystore
- displayWSMConfiguration
- setWSMConfiguration
- refreshWSMCache
Refreshes the PM cache in MDS and configuration and document cache in agent from PM. - setWSMResourceField
Parent topic: Web Services Custom WLST Commands
configureWSMKeystore
Command Category: Configuration
Use with WLST: Online/offline
Description
Sets the configuration properties for the OWSM keystore.
Note:
Changes to the keystore configuration at the domain level require that you restart the server.
Syntax
configureWSMKeystore(context, keystoreType, location, keystorePassword, signAlias, signAliasPassword, cryptAlias, cryptAliasPassword, [raiseError='true|false'])
Arguments | Description |
---|---|
|
Optional. The context of the configuration document in which the modifications will be done. |
|
Optional. The keystore type category of the property. Valid keystore types are |
|
Optional. For JKS, it is the absolute location of the keystore or location relative to the |
|
Optional. The keystore password of the keystore configured. It is required for |
|
Optional. The Alias of the sign key. It is required for |
|
Optional. Password of the |
|
Optional. The |
|
Optional. Password of the |
|
Optional. When set to |
Examples
The following example configures the JKS keystore default-keystore.jks
in the domain myDomain
. It provides the keystore password oratest123
, the sign alias oraAlias
, the sign alias password ora234
, the encryption alias oraCryptAlias
, the encryption alias password ora123
.
wls:/jrfServer_domain/serverConfig> configureWSMKeystore ('/WLS/myDomain','JKS', './default-keystore.jks','oratest123', 'oraAlias','ora234','oraCryptAlias', 'ora123')
The following example configures the KSS keystore at kss://owsm/keystore
in the domain myDomain
. It provides the sign alias oraAlias
, and the encryption alias oraCryptAlias
.
wls:/jrfServer_domain/serverConfig> configureWSMKeystore ('/WLS/myDomain',keystoreType='KSS', location='kss://owsm/keystore', signAlias='oraAlias', cryptAlias='encAlias')
See:
-
"Configuring the OWSM Keystore Using WLST" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
Parent topic: Configuration Commands
displayWSMConfiguration
Command Category: Configuration
Use with WLST: Online/offline
Description
Displays the full set of configuration properties, and their values and groups, for the product specified in the context. If a property is not defined in the configuration document associated with the context, then the default value defined for the product is displayed. If a context is not specified, then the set of properties matching the current context is displayed.
Syntax
displayWSMConfiguration([context=None], [raiseError='true|false'])
Arguments | Description |
---|---|
|
Optional. The context of the configuration document from which property values are displayed. If a To display the default set of properties along with their values, use "/" as the context value." |
|
Optional. When set to |
Examples
The following example displays the configuration contained in the configuration document in the repository.
wls:/jrfServer_domain/serverConfig> displayWSMConfiguration()
The following example displays the configuration for the base_domain
domain.
wls:/jrfServer_domain/serverConfig> displayWSMConfiguration('/WLS/base_domain')
See:
-
"Managing OWSM Domain Configuration Using WLST" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
Parent topic: Configuration Commands
setWSMConfiguration
Command Category: Configuration
Use with WLST: Online/offline
Description
Sets the configuration properties of a domain. The properties are stored in a configuration document for the domain. If a configuration document does not exist, a new one is created.
A new property with values and/or groups of values can be added inside the configuration document. The set of acceptable properties is determined from the default set of properties supported by the product. Specific property values or groups of values can be removed from the configuration document. The configuration document itself is removed if no properties exist in it.
Syntax
setWSMConfiguration(context, category, name, [group=None], [values=None], [raiseError='true|false'])
Arguments | Description |
---|---|
|
Optional. The context of the configuration document to be modified. If a context is not provided or is set to |
|
The category of the property. This is verified against the default set of properties to ensure it is acceptable for the context. |
|
The name of the property. This is verified against the default set of properties to ensure it is acceptable for the context. |
|
Optional. A group containing the set of values to add in a configuration document. If the group exists, and this value is set to |
|
Optional. The array of values to set for a property or group inside the configuration document. |
|
Optional. When set to |
Examples
The following example resets the entire configuration for the domain myDomain
to its default values.
wls:/jrfServer_domain/serverConfig> setWSMConfiguration('/WLS/myDomain')
The following command resets the value of the clock.skew
property in myDomain
to 500
.
wls:/jrfServer_domain/serverConfig> setWSMConfiguration('/WLS/myDomain','Agent','clock.skew',None, ['500'])
The following command resets the value of the clock.skew
property in myDomain
to its default value.
wls:/jrfServer_domain/serverConfig> setWSMConfiguration('/WLS/myDomain','Agent','clock.skew',None,None)
See:
-
"Managing OWSM Domain Configuration Using WLST" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
Parent topic: Configuration Commands
refreshWSMCache
Refreshes the PM cache in MDS and configuration and document cache in agent from PM.
Description
It first refreshes the PM cache in MDS. After that it refreshes the configuration and document cache in agent from PM. It refreshes cache on all agent instances running in the domain.
Syntax
refreshWSMCache([raiseError='true|false'])
raiseError
- Optional. When set to true
, it raises exception in case of known errors. When set to false
, it returns a boolean false value in case of known errors. By default, it's set to true
.
Examples
refreshWSMCache()
Parent topic: Configuration Commands
setWSMResourceField
Command Category: Resource
Use with WLST: Online
Description
Specifies the value for the fields of a resource or its structural components. This command can be used to either set the requested field on the resource or remove the value of the existing field. Issuing this command outside of a session containing a resource that is being created or modified will result in an error.
Syntax
setWSMResourceField(fieldName, [fieldValue=None])
Argument | Definition |
---|---|
fieldName |
The name of the field to set. You can set the value for these fields for modification:
|
fieldValue |
Optional. The value(s) to set for the field, or omit the value to remove the field. |
Examples
The following example sets the wsdl
field location on a client port to StockService?wsdl
.
wls:/wls-domain/serverConfig> setWSMResourceField('wsdl',['http://localhost/StockService?wsdl'])
The following example sets the server
field on an application resource to server1
and server2
.
wls:/wls-domain/serverConfig> setWSMResourceField('server',['server1','server2'])
Parent topic: Configuration Commands
Diagnostic Commands
Use the WLST command in this section to check the status of the WSM components that are required for proper functioning of the product.
Parent topic: Web Services Custom WLST Commands
checkWSMStatus
Command Category: Diagnostic
Use with WLST: Online
Description
-
Policy Manager (
wsm-pm
) -
Agent (
agent
) -
Credential store and keystore configuration (
credstore
) -
Oauth2 configuration (
oauth2
) -
Policy Manager history (
pmHistory
)
Syntax
checkWSMStatus([component=None],[address=None],[verbose=true],[days=None],[target=None],[outfile=None])
Arguments | Description |
---|---|
|
Optional. All checks will be performed if no value is specified. Valid options are:
|
|
Optional. The HTTP URL of the host running the checkWSMStatus('agent', 'http://localhost:7001') The address is not required in the WebLogic Server domain where auto-discovery is present. |
|
Optional. Set the value to |
|
Optional. This attribute is used with the |
|
Optional. Target server name for which check needs to be run. Set this value if check needs to be run for a specific server. If no value is provided, checks are run for all available servers. |
|
Optional. If not |
Examples
checkWSMStatus
command is run without arguments. The status of the credential store, policy manager, and enforcement agent is returned.wls:/base_domain/serverConfig> checkWSMStatus()
Health check status on server EXAMPLESERVER1 is PASSED.
Health check status on server EXAMPLESERVER2 is PASSED.
Health check status for system is PASSED.
In the following example, the checkWSMStatus
command is running with verbose, so detailed output is printed. The status of the credential store, policy manager, and enforcement agent is returned.
wls:/base_domain/serverConfig> checkWSMStatus(verbose='true')
Health check for server "EXAMPLESERVER":
Credential Store Configuration:
PASSED.
Message(s):
keystore.pass.csf.key : Property is configured and its value is "keystore-csf-key".
Description: The "keystore.pass.csf.key" property points to the CSF alias that is mapped to the username and password of the keystore. Only the password is used; username is redundant in the case of the keystore.
keystore-csf-key : Credentials configured.
keystore.sig.csf.key : Property is configured and its value is "sign-csf-key".
Description: The "keystore.sig.csf.key" property points to the CSF alias that is mapped to the username and password of the private key that is used for signing.
sign-csf-key : Credentials configured.
Sign Key : Key configured.
Alias - orakey
Sign Certificate : Certificate configured.
Alias - CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US
Expiry - June 28, 2020 11:17:12 AM PDT
keystore.enc.csf.key : Property is configured and its value is "enc-csf-key".
Description: The "keystore.enc.csf.key" property points to the CSF alias that is mapped to the username and password of the private key that is used for decryption.
enc-csf-key : Credentials configured.
Encrypt Key : Key configured.
Alias - orakey
Encrypt Certificate : Certificate configured.
Alias - CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US
Expiry - June 28, 2020 11:17:12 AM PDT
Policy Manager:
PASSED.
Message(s):
OWSM Policy Manager connection state is OK.
OWSM Policy Manager connection URL is "host.example.com:1234".
Enforcement Agent:
PASSED.
Message(s):
Enforcement is successful.
Service URL: http://host:port/Diagnostic/DiagnosticService?wsdl
Health check status on server EXAMPLESERVER is PASSED.
Health check status for system is PASSED.
checkWSMStatus
command checks to validate wsm-pm configuration on single server in the domain. Setting the verbose
value to true send a detailed output to the file defined by the outfile
attribute. wls:/base_domain/serverConfig>checkWSMStatus('wsm-pm', target='EXAMPLESERVER',verbose='true',outfile='example.txt')
Health check for server "EXAMPLESERVER":
Policy Manager:
PASSED.
Message(s):
OWSM Policy Manager connection URL is "t3://slc05njx:8741".
OWSM Policy Manager connection state is OK.
Health check status on server EXAMPLESERVER is PASSED.
Health check status for system is PASSED.
In the following example, the credential store key keystore-csf-key
is not configured and the checkWSMStatus
command is rerun for the credential store credstore
. The status check fails because the csf-key keystore-csf-key
is not present in the credential store.
wls:/base_domain/serverConfig> checkWSMStatus('credstore',target='EXAMPLESERVER')
Health check for server "EXAMPLESERVER":
Credential Store Configuration:
FAILED.
Message(s):
keystore.pass.csf.key : Property is configured and its value is "keystore-csf-key".
Description: The "keystore.pass.csf.key" property points to the CSF alias that is mapped to the username and password of the keystore. Only the password is used; username is redundant in the case of the keystore.
keystore-csf-key : Credentials configured.
keystore.sig.csf.key : Property is configured and its value is "sign-csf-key".
Description: The "keystore.sig.csf.key" property points to the CSF alias that is mapped to the username and password of the private key that is used for signing.
sign-csf-key : Credentials configured.
Sign Key : Key not configured.
oracle.wsm.security.SecurityException: WSM-00111 : Keystore is not properly configured. Check your keystore configurations.
Credential Store Diagnostic Messages:
Message(s):
The alias orakey is either not present in the keystore or is configured incorrectly. Check the contents of the keystore and the password for the alias "orakey". The password of the alias "orakey" should be the same as the password stored in the csf key=sign-csf-key
NOTE:- All the above commands are based on the Domain level configurations. The actual alias may have been overridden at runtime due to configuration override.
Health check status on server EXAMPLESERVER is FAILED.
Health check status for system is FAILED.
In the following example, the csf-key keystore-csf-key
is configured and the checkWSMStatus
command is rerun. The configuration check passes.
wls:/base_domain/serverConfig> createCred(map="oracle.wsm.security", key="keystore-csf-key", user="keystore-csf-key", password="password", desc="Keystore Password CSF Key")
Already in Domain Runtime Tree
wls:/base_domain/serverConfig> checkWSMStatus('credstore',target='EXAMPLESERVER')
Health check status on server EXAMPLESERVER is PASSED.
Health check status for system is PASSED.
The following example checks the enforcement status of the agent component on all servers in domain.
wls:/test_domain1/serverConfig> checkWSMStatus('agent')
Health check status on server EXAMPLESERVER1 is PASSED.
Health check status on server EXAMPLESERVER2 is PASSED.
Health check status for system is PASSED.
wls:/test_domain1/serverConfig>checkWSMStatus(component='agent', address='invalidAddress')
Health check for server "EXAMPLESERVER1":
Note: Enforcement might succeed if OWSM Policy Manager is down due to policy caching. For such scenarios wsm-pm test must be run prior to this test.
FAILED.
Message(s):
The protocol used in the URL "invalidAddress/wsm-pm-diagnostic/DiagnosticService?wsdl" is not supported.
Enforcement Agent Diagnostic Messages:
Message(s):
Service URL: invalidAddress/wsm-pm-diagnostic/DiagnosticService?wsdl
Make sure that the URL of the host running wsm-pm application is specified and valid. The only supported protocol is "http".
Health check status on server EXAMPLESERVER1 is FAILED.
Health check for server "EXAMPLESERVER2":
Note: Enforcement might succeed if OWSM Policy Manager is down due to policy caching. For such scenarios wsm-pm test must be run prior to this test.
FAILED.
Message(s):
The protocol used in the URL "invalidAddress/wsm-pm-diagnostic/DiagnosticService?wsdl" is not supported.
Enforcement Agent Diagnostic Messages:
Message(s):
Service URL: invalidAddress/wsm-pm-diagnostic/DiagnosticService?wsdl
Make sure that the URL of the host running wsm-pm application is specified and valid. The only supported protocol is "http".
Health check status on server EXAMPLESERVER2 is FAILED.
Health check status for system is FAILED.
checkWSMStatus
command checks to get pm communication failure history for last 200 days on server EXAMPLESERVER with output also redirected to history.txt
.wls:/test_domain1/serverConfig>checkWSMStatus(component='pmHistory', days='200 days', target='EXAMPLESERVER', outfile='history.txt')
Health check for server "EXAMPLESERVER":
Policy Manager Connection Failure History:
Message(s):
[Tracking Id: 42c2e21a-9744-4071-920f-00099560a8b9-000003c2,0#1459247224547] [Failure Timestamp: 2016-03-29T03:27:04.598-07:00] [Recovery Timestamp: 2016-03-29T03:34:15.970-07:00] [Diagnosis: wsm-pm:PASSED;agent:FAILED:[Unable to proceed with the test as host url is not specified or is invalid.];credstore:PASSED;]
[Tracking Id: 42c2e21a-9744-4071-920f-00099560a8b9-0000032a,0#1459160635500] [Failure Timestamp: 2016-03-28T03:23:55.500-07:00] [Recovery Timestamp: 2016-03-28T03:24:55.627-07:00] [Diagnosis: wsm-pm:PASSED;agent:FAILED:[Enforcement has failed., Service URL: http://example.com:12164/wsm-pm-diagnostic/DiagnosticService?WSDL, Could not determine wsdl ports. WSDLException: faultCode=OTHER_ERROR: Failed to read WSDL from http://example.com:12164/wsm-pm-diagnostic/DiagnosticService?WSDL: HTTP connection error code is 503];credstore:PASSED;]
[Tracking Id: 42c2e21a-9744-4071-920f-00099560a8b9-000002a6,0#1459073942154] [Failure Timestamp: 2016-03-27T03:19:02.154-07:00] [Recovery Timestamp: 2016-03-27T03:22:05.444-07:00] [Diagnosis: wsm-pm:FAILED:[OWSM Policy Manager connection URL is "t3://slc05njx:12164"., oracle.wsm.policymanager.PolicyManagerException: WSM-02054 : Failure in looking up EJB component. The EJB JNDI name is "DocumentManager#oracle.wsm.policymanager.bean.ejb.IRemoteDocumentManager", the provider URL is "t3://slc05njx:12164"., Policy Manager Url Configuration:, java.sql.SQLNonTransientConnectionException: Insufficient data while reading from the network - expected a minimum of 6 bytes and received only 0 bytes. The connection has been terminated., Policy Manager User Configuration:, PM user - "OracleSystemUser" configurations are valid.];agent:FAILED:[Unable to proceed with the test as host url is not specified or is invalid.];credstore:PASSED;]
[Tracking Id: 42c2e21a-9744-4071-920f-00099560a8b9-00000291,0#1458987480506] [Failure Timestamp: 2016-03-26T03:18:00.506-07:00] [Recovery Timestamp: 2016-03-26T03:19:00.879-07:00] [Diagnosis: wsm-pm:PASSED;agent:FAILED:[Enforcement has failed., Service URL: http://example.com:12164/wsm-pm-diagnostic/DiagnosticService?WSDL, Could not determine wsdl ports. WSDLException: faultCode=OTHER_ERROR: Failed to read WSDL from http://example.com:12164/wsm-pm-diagnostic/DiagnosticService?WSDL: HTTP connection error code is 503];credstore:PASSED;]
Health check status on server EXAMPLESERVER is PASSED.
Health check status for system is PASSED.
In the following example, no OAuth2 global policy sets are configured.
wls:/test_domain1/serverConfig>checkWSMStatus('oauth2')
OAuth2 Client Configuration Status:
Message(s):
No OAuth2 client policy (oauth2_config_client_policy or oauth token policy) attached in the domain for client type(s): REST_CLIENT, WS_CLIENT, SCA_REST_REFERENCE, SCA_REFERENCE
Health check for server "jrfServer_admin":
Health check status on server jrfServer_admin is FAILED.
Health check status for system is FAILED.
In the following example, the OAuth2 global policy set is Configured for ws-client (SOAP client) subject type. Since the command checks for the OAuth2 related configuration in the GPA attached at the domain level, the steps to create GPA for is also listed.
beginWSMSession();
createWSMPolicySet('oauthTestPolicySet','ws-client','Domain("jrfServer_domain")');
attachWSMPolicy('oracle/http_oauth2_token_client_policy');
attachWSMPolicy('oracle/oauth2_config_client_policy');
setWSMPolicyOverride('oracle/oauth2_config_client_policy','token.uri','http://example.oracle.com:14100/ms_oauth/oauth2/endpoints/oauthservice/tokens');
setWSMPolicyOverride('oracle/http_oauth2_token_client_policy','oauth2.client.csf.key','basic.client.credentials');
validateWSMPolicySet();
commitWSMSession()
wls:/test_domain1/serverConfig>checkWSMStatus('oauth2')
OAuth2 Client Configuration Status:
Message(s):
OAuth2 Client Configuration Checks for type SOAP Client: PASSED
Successful OAuth Configurations for Client Type(s): WS_CLIENT
Health check status on server jrfServer_admin is PASSED.
Health check status for system is PASSED.
In the following example, the OAuth2 global policy set is configured for ws-client (SOAP client) subject type and verbose flag true
. Since the command checks for the OAuth2 related configuration in the GPA attached at the domain level, the steps to create GPA for is also listed.
beginWSMSession();
createWSMPolicySet('oauthTestPolicySet','ws-client','Domain("jrfServer_domain")');
attachWSMPolicy('oracle/http_oauth2_token_client_policy');
attachWSMPolicy('oracle/oauth2_config_client_policy');
setWSMPolicyOverride('oracle/oauth2_config_client_policy','token.uri','http://example.com:14100/ms_oauth/oauth2/endpoints/oauthservice/tokens');
setWSMPolicyOverride('oracle/http_oauth2_token_client_policy','oauth2.client.csf.key','basic.client.credentials');
validateWSMPolicySet();
commitWSMSession()
wls:/test_domain1/serverConfig>checkWSMStatus('oauth2', verbose='true')
OAuth2 Client Configuration Status:
Message(s):
OAuth2 Client Configuration Checks for type SOAP Client: PASSED
OAuth2 Server hostname example.com is valid
OAuth2 Server token URL http://example.com:14100/ms_oauth/oauth2/endpoints/oauthservice/tokens is valid
OAuth2 Client CSF key basic.client.credentials which stores the OAuth Client Credentials is configured.
Client ID: OWSMClientId
Client credentials configured as 'oauth2.client.csf.key' config override property in oauth2 client policies are also registered with OAuth2 server
OAuth2 user tenant name configured as 'user.tenant.name' config override property in oauth2 client policies is valid
keystore.pass.csf.key : Property is configured and its value is "keystore-csf-key".
Description: The "keystore.pass.csf.key" property points to the CSF alias that is mapped to the username and password of the keystore. Only the password is used; username is redundant in the case of the keystore.
keystore-csf-key : Credentials configured.
keystore.sig.csf.key : Property is configured and its value is "sign-csf-key".
Description: The "keystore.sig.csf.key" property points to the CSF alias that is mapped to the username and password of the private key that is used for signing.
sign-csf-key : Credentials configured.
Sign Key : Key configured.
Alias - orakey
Sign Certificate : Certificate configured.
Alias - CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US
Expiry - June 28, 2020 11:17:12 AM PDT
Successful OAuth Configurations for Client Type(s): WS_CLIENT
Health check for server "jrfServer_admin":
Health check status on server jrfServer_admin is PASSED.
Health check status for system is PASSED.
In the following example, invalid token.uri
is configured in the OAuth2 GPA. Since the command checks for the OAuth2 related configuration in the GPA attached at the domain level, the steps to create GPA for is also listed.
beginWSMSession();
createWSMPolicySet('oauthTestPolicySet','ws-client','Domain("jrfServer_domain")');
attachWSMPolicy('oracle/http_oauth2_token_client_policy');
attachWSMPolicy('oracle/oauth2_config_client_policy');
setWSMPolicyOverride('oracle/oauth2_config_client_policy','token.uri','http://example.com:14100/test/tokens');
setWSMPolicyOverride('oracle/http_oauth2_token_client_policy','oauth2.client.csf.key','basic.client.credentials');
validateWSMPolicySet();
commitWSMSession()
wls:/test_domain1/serverConfig>checkWSMStatus('oauth2')
OAuth2 Client Configuration Status:
Message(s):
OAuth2 Client Configuration Checks for type SOAP Client: FAILED
Message(s):
Diagnosis messages for client type SOAP Client :
Make sure that OAuth2 token endpoint configured as 'token.uri' config override in 'oracle/oauth2_config_client_policy' is valid
OAuth2 client policies (oracle/oauth2_config_client_policy and oauth2 token policy) can also be configured for client type(s): REST_CLIENT, SCA_REST_REFERENCE, SCA_REFERENCE
Health check for server "jrfServer_admin":
Health check status on server jrfServer_admin is FAILED.
In the following example, no Oauth2 config policy is configured in the OAuth2 GPA. Since the command checks for the OAuth2 related configuration in the GPA attached at the domain level, the steps to create GPA for is also listed.
beginWSMSession();
createWSMPolicySet('oauthTestPolicySet','ws-client','Domain("jrfServer_domain")');
attachWSMPolicy('oracle/http_oauth2_token_client_policy');
setWSMPolicyOverride('oracle/http_oauth2_token_client_policy','oauth2.client.csf.key','basic.client.credentials');
validateWSMPolicySet();
commitWSMSession()
wls:/test_domain1/serverConfig>checkWSMStatus('oauth2')
OAuth2 Client Configuration Status:
Message(s):
OAuth2 Client Configuration Checks for type SOAP Client: FAILED
Policy Attachment Check Messages:
oracle/oauth2_config_client_policy is not present in any policy set configured for domain
Message(s):
OAuth2 client policies (oracle/oauth2_config_client_policy and oauth2 token policy) can also be configured for client type(s): REST_CLIENT, SCA_REST_REFERENCE, SCA_REFERENCE
Health check for server "jrfServer_admin":
Health check status on server jrfServer_admin is FAILED.
Health check status for system is FAILED.
Health check status for system is FAILED.
In the following example, no Oauth2 client policy is configured in the OAuth2 GPA. Since the command checks for the OAuth2 related configuration in the GPA attached at the domain level, the steps to create GPA for is also listed.
beginWSMSession();
createWSMPolicySet('oauthTestPolicySet','ws-client','Domain("jrfServer_domain")');
attachWSMPolicy('oracle/oauth2_config_client_policy');
setWSMPolicyOverride('oracle/oauth2_config_client_policy','token.uri','http://example.com:14100/ms_oauth/oauth2/endpoints/oauthservice/tokens');
validateWSMPolicySet();
commitWSMSession()
wls:/test_domain1/serverConfig>checkWSMStatus('oauth2')
OAuth2 Client Configuration Status:
Message(s):
OAuth2 Client Configuration Checks for type SOAP Client: FAILED
Policy Attachment Check Messages:
OAuth2 Client Policy (For Ex: oracle/http_oauth2_token_client_policy) is not present in any policy set configured for domain
Message(s):
OAuth2 client policies (oracle/oauth2_config_client_policy and oauth2 token policy) can also be configured for client type(s): REST_CLIENT, SCA_REST_REFERENCE, SCA_REFERENCE
Health check for server "jrfServer_admin":
Health check status on server jrfServer_admin is FAILED.
Health check status for system is FAILED.
In the following example, the keystore.sig.csf.key
is invalid in the Oauth2 GPA. Since the command checks for the OAuth2 related configuration in the GPA attached at the domain level, the steps to create GPA for is also listed.
beginWSMSession();
createWSMPolicySet('oauthTestPolicySet','rest-client','Domain("jrfServer_domain")');
attachWSMPolicy('oracle/oauth2_config_client_policy');
setWSMPolicyOverride('oracle/oauth2_config_client_policy','oauth2.client.csf.key','basic.client.credentials');
attachWSMPolicy('oracle/http_oauth2_token_client_policy');
setWSMPolicyOverride('oracle/http_oauth2_token_client_policy','keystore.sig.csf.key','custom-sign-csf-key');
setWSMPolicyOverride('oracle/oauth2_config_client_policy','token.uri','http://example.com:14100/ms_oauth/oauth2/endpoints/oauthservice/tokens');
validateWSMPolicySet();
commitWSMSession()
wls:/test_domain1/serverConfig>checkWSMStatus('oauth2')
OAuth2 Client Configuration Status:
Message(s):
OAuth2 Client Configuration Checks for type REST Client: FAILED
Message(s):
Diagnosis messages for client type REST Client :
Make sure the property keystore.sig.csf.key configured in the OAuth2 client policies keystore-csf-key is also present in the credential store.
Please follow the steps to add a credential to the Credential Store:
1. connect()
2. createCred(map="oracle.wsm.security", key="custom-sign-csf-key", user="<sign-key-alias>", password="<sign-key-password>", desc="Sign CSF Key")
OAuth2 client policies (oracle/oauth2_config_client_policy and oauth2 token policy) can also be configured for client type(s): WS_CLIENT, SCA_REST_REFERENCE, SCA_REFERENCE
Health check for server "jrfServer_admin":
Health check status on server jrfServer_admin is FAILED.
Health check status for system is FAILED.
Parent topic: Diagnostic Commands
Web Service and Client Management Commands
Use the WLST commands listed in Table 3-5 to view and manage web services for deployed, active, and running web service applications.
Note:
The commands listed in Table 3-5 have an application
argument.
In an multi-tenant environment, if you intend to target a specific application instance within a tenant's partition, then you must include the partition name as part of the application as follows:
/domain/server/application#version$partition
However, if you are targeting a domain-scoped application, then you do not have to include the partition name. You can use the application
argument as follows:
/domain/server/application#version
Table 3-5 Web Service and Client Management WLST Commands
Use this command... | To... | Use with WLST... |
---|---|---|
List web service client ports information for an application or SOA composite. |
Online |
|
List web service client information for an application, SOA composite, or domain. |
Online |
|
List web service client port stub properties for an application or SOA composite. |
Online |
|
List the web service ports for a web service application or SOA composite. |
Online |
|
List the web service information for an application, composite, or domain. |
Online |
|
Configure the set of stub properties of a web service client port for an application or SOA composite. |
Online |
|
Set, change, or delete a single stub property of a web service client port for an application or SOA composite. |
Online |
- listWebServiceClientPorts
- listWebServiceClients
- listWebServiceClientStubProperties
- listWebServicePorts
- listWebServices
- setWebServiceClientStubProperties
- setWebServiceClientStubProperty
Parent topic: Web Services Custom WLST Commands
listWebServiceClientPorts
Command Category: Web Service and Client Management
Use with WLST: Online
Description
Lists the web service port names and the endpoint URLs for web service clients in an application or SOA composite.
The output will display the name of the web service client/reference port. For example:
AppModuleServiceSoapHttpPort
Syntax
listWebServiceClientPorts(application,moduleOrCompName,moduleType,serviceRefName)
Argument | Definition |
---|---|
|
Name and path of the application for which you want to list the web services port information. For example, To list the client port information for an application, this argument is required. |
|
Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to list the web service client port information. To list the client port information for a SOA composite, the composite name is required (for example, |
|
Module type. Valid options are:
|
|
Service reference name of the application or SOA composite for which you want to list the web service client port information. When the client is an asynchronous web service callback client, the |
Examples
The following example lists the client ports for the WssUsernameClient
Web module in the /base_domain/server1/jwsclient_1#1.1.0
application. Note that the moduleType
is set to wsconn
, and the serviceRefName
is set to WssUsernameClient
.
wls:/base_domain/serverConfig> listWebServiceClientPorts ('/base_domain/server1/jwsclient_1#1.1.0','WssUsernameClient','wsconn', 'WssUsernameClient')
The following example lists the client ports in the default/HelloWorld[1.0]
SOA composite. Note that the moduleType
is set to soa
, and the serviceRefName
is set to client
.
wls:/base_domain/serverConfig> listWebServiceClientPorts(None, 'default/HelloWorld[1.0]','soa','client')
Parent topic: Web Service and Client Management Commands
listWebServiceClients
Command Category: Web Service and Client Management
Use with WLST: Online
Description
Lists web service clients information for an application, SOA composite, or domain. If neither an application nor a composite is specified, the command lists information about all Web service clients in all applications and composites for every server instance in the domain. If an application is not specified, the command lists information about all web service clients in all applications for every server instance in the domain.
You can specify the amount of information to be displayed in the output using the detail
argument. When specified, the output provides endpoint (port) and policy details for clients in the domain, the secure status of the endpoints, any configuration overrides and constraints, and if the endpoints have a valid configuration. A subject is considered secure if the policies attached to it (either directly or globally) enforce authentication, authorization, or message protection behaviors. Because you can specify the priority of a global or directly attached policy (using the reference.priority
configuration override), the effective
field indicates if the directly attached policies are in effect for the endpoint.
The local.policy.reference.source
configuration property is provided for each directly attached policy identifying the source of the attachment. For more information about the local.policy.reference.source
configuration property and a list of valid values, see "Determining the Source of Policy Attachments" in Securing Web Services and Managing
Policies with Oracle Web Services Manager.
Note that to simplify endpoint management, all directly attached policies are shown in the output regardless of whether they are in effect. In contrast, only globally attached policies that are in effect for the endpoint are displayed. For more information, see "How the Effective Set of Policies is Calculated" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
The output is listed by each application deployed as shown in the following examples:
This example shows the output of an unsecured endpoint:
wls:/jrfServer_domain/serverConfig> listWebServiceClients(detail=true)
/jrfServer_domain/jrfServer_admin/ADFDCDecoupling_Project1_ADFDCDecoupling :
moduleName=testadfbc, moduleType=wsconn, serviceRefName=AppModuleService
AppModuleServiceSoapHttpPort
The policy subject is not secure in this context.
/soa_domain/soa_server1/soa-infra : compositeName=default/Basic_SOA_Client[1.0], moduleType=soa, serviceRefName=Service1 Basic_soa_service_pt serviceWSDLURI=http://host.example.com:1234/soa-infra/services/default/Basic_SOA_service/Basic_soa_service.wsdl oracle.webservices.contentTransferEncoding=base64 oracle.webservices.charsetEncoding=UTF-8 oracle.webservices.operationStyleProperty=document wsat.flowOption=WSDLDriven oracle.webservices.soapVersion=soap1.1 oracle.webservices.chunkSize=4096 oracle.webservices.session.maintain=false oracle.webservices.preemptiveBasicAuth=false oracle.webservices.encodingStyleProperty=http://schemas.xmlsoap.org/soap/encoding/ oracle.webservices.donotChunk=true No attached policies found; endpoint is not secure.
This example shows the output for a secured endpoint. Note that the local.policy.reference.source
configuration property is provided for the directly attached policy identifying its source as LOCAL_ATTACHMENT
, indicating that it was attached using either Fusion Middleware Control or WLST. For more information about the local.policy.reference.source
configuration property and a list of valid values, see "Determining the Source of Policy Attachments" in Securing Web Services and Managing
Policies with Oracle Web Services Manager.
wls:/jrfServer_domain/serverConfig> listWebServiceClients(detail=true)
/jrfServer_domain/jrfServer_admin/ADFDCDecoupling_Project1_ADFDCDecoupling :
moduleName=testadfbc, moduleType=wsconn, serviceRefName=AppModuleService
AppModuleServiceSoapHttpPort serviceWSDLURI=http://host.example.com:1234/ADFBCDecoupling-ADFBCDecoupling-context-root/AppModuleService?wsdl
URI="oracle/wss10_saml_token_with_message_protection_client_policy", category=security, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true
Property name="local.policy.reference.source", value="LOCAL_ATTACHMENT"
The policy subject is secure in this context.
Syntax
listWebServiceClients(application,composite,[detail])
Argument | Definition |
---|---|
|
Name and path of the application for which you want to list the web service clients. For example, If specified, all web services clients in the application are listed. |
|
Name of the SOA composite for which you want to list the Web service clients. For example, If specified, all Web service clients in the composite are listed. |
|
Optional. Specifies whether to list port and policy details for the web service clients. For each directly attached policy, the Valid values are:
|
Examples
The following example lists information for all web service clients in the domain.
wls:/wls-domain/serverConfig>listWebServiceClients()
The following example lists the web service clients for the application jwsclient_1#1.10
for the server server1
in the domain base_domain
.
wls:/wls-domain/serverConfig>listWebServiceClients('base_domain/server1/jwsclient_1#1.10')
The following example lists the Web service clients for the SOA composite default/HelloWorld[1.0]
.
wls:/wls-domain/serverConfig>listWebServiceClients(None,'default/HelloWorld[1.0]')
The following example lists details for all of the web service clients in the domain.
wls:/wls-domain/serverConfig>listWebServiceClients(None,None,true)
Parent topic: Web Service and Client Management Commands
listWebServiceClientStubProperties
Note:
This command applies to Oracle Infrastructure web service clients only.
Command Category: Web Service and Client Management
Use with WLST: Online
Description
Lists web service client port stub properties for an application or SOA composite.
Syntax
listWebServiceClientStubProperties(application, moduleOrCompName, moduleType, serviceRefName, portInfoName)
Argument | Definition |
---|---|
|
Name and path of the application for which you want to list the web services client port stub properties. For example, To list the client port stub properties information for an application, this argument is required. |
|
Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to list the web services client port stub properties. To list the client port stub properties information for a SOA composite, the composite name is required (for example, |
|
Module type. Valid options are:
|
|
Service reference name of the application or SOA composite for which you want to list the web service client port stub properties. |
|
The name of the client port for which you want to list the stub properties. |
Example
The following example lists the client port stub properties for the JRFWssUsernamePort
port of the WssUsernameClient
Web module in the /base_domain/server1/jwsclient_1#1.1.0
application. Note that the moduleType
is set to wsconn
, and the serviceRefName
is set to WssUsernameClient
.
wls:/base_domain/serverConfig>listWebServiceClientStubProperties ('/base_domain/server1/jwsclient_1#1.1.0','WssUsernameClient','wsconn', 'WssUsernameClient','JRFWssUsernamePort')
Parent topic: Web Service and Client Management Commands
listWebServicePorts
Command Category: Web Service and Client Management
Use with WLST: Online
Description
Lists the web service port names and the endpoint URLs for a web service application or SOA composite.
The output will display the port name and endpoint URL of the web service port. For example:
JRFWssUsernamePort http://localhost:7001/j2wbasicPolicy/WssUsername
Syntax
listWebServicePorts(application,moduleOrCompName,moduleType,serviceName)
Argument | Definition |
---|---|
|
Name and path of the application for which you want to list the web services port information. For example, To list the port information for an application, this argument is required. |
|
Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to list the web services port information. To list the port information for a SOA composite, the composite name is required (for example, |
|
Module type. Valid options are:
|
|
Name of the web service in the application or SOA composite for which you want to list the port information. For example, { |
Example
The following example lists the web service ports and endpoint URLs for the Oracle Infrastructure web service j2wbasicPolicy
service in the base_domain/AdminServer/HelloWorld#1_0
application. Note that the WssUsernameService
module name is specified, and the moduleType
is set to web
.
wls:/base_domain/serverConfig> listWebServicePorts ( '/base_domain/AdminServer/HelloWorld#1_0', 'WssUsernameService','web','{http://namespace/}j2wbasicPolicy') JRFWssUsernamePort http://localhost:7001/j2wbasicPolicy/WssUsername
The following example lists the web service ports and endpoint URLs for the Java EE web service helloWorldJaxws
in the wls-domain/AdminServer/helloWorldJaxws
application. Note that the moduleType
is set to wls
.
wls:/wls-domain/serverConfig> listWebServicePorts ('/wls-domain/AdminServer/helloWorldJaxws','helloWorldJaxws#1!helloWorldJaxws', 'wls','helloWorldJaxws')
helloWorldJaxwsSoapHttpPort
Parent topic: Web Service and Client Management Commands
listWebServices
Command Category: Web Service and Client Management
Use with WLST: Online
Description
Lists the web service information for an application, SOA composite, or domain. If you do not specify a web service application or a SOA composite, the command lists all services in all applications and composites for every server instance in the domain.
You can specify the amount of information to be displayed in the output using the detail
argument. When enabled, the output provides endpoint (port) and policy details for all applications and composites in the domain, the secure status of the endpoints, any configuration overrides and constraints, and if the endpoints have a valid configuration. In addition, the local.policy.reference.source
configuration property is provided for each directly attached policy identifying the source of the attachment, as described in "Determining the Source of Policy Attachments" in Securing Web Services and Managing
Policies with Oracle Web Services Manager.
A subject is considered secure if the policies attached to it (either directly or globally) enforce authentication, authorization, or message protection behaviors. Because you can specify the priority of a global or directly attached policy (using the reference.priority
configuration override), the effective
field indicates if the directly attached policies are in effect for the endpoint.
Note that to simplify endpoint management, all directly attached policies are shown in the output regardless of whether they are in effect. In contrast, only globally attached policies that are in effect for the endpoint are displayed. For more information, see "How the Effective Set of Policies is Calculated" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
The output is listed by each application deployed as shown in the following example:
/domain/server/application#version_number: moduleName=helloModule, moduleType=web, serviceName={http://namespace/}service
/base_domain/AdminServer/soa-infra:
compositeName=default/HelloWorld[1.0], moduleType=soa, serviceName=service
Note:
The listWebServices
command output does not include details on SOA components, including policy attachments.
For applications assembled prior to 11g Release 1, (11.1.1.6), the namespace is not displayed with the serviceName
in the output.
Syntax
listWebServices (application,composite,[detail])
Argument | Definition |
---|---|
|
Name and path of the application for which you want to list the web services. For example, If specified, all web services in the application are listed. |
|
Name of the SOA composite for which you want to list the Web services. For example, If specified, all Web services in the composite are listed. |
|
Optional. Specifies whether to list port and policy details for the web service. For each directly attached policy, the Valid values are:
|
Examples
The following example for an Oracle Infrastructure web service lists all the web services in all applications and composites in the domain. Sample output is shown in this example.
wls:/base_domain/serverConfig> listWebServices()
/base_domain/AdminServer/soa-infra :
compositeName=default/HelloWorld[1.0], moduleType=soa, serviceName=service
compositeName=default/Project1[1.0], moduleType=soa, serviceName=bpelprocess1_client_ep
/base_domain/AdminServer/jaxwsejb30ws : moduleName=jaxwsejb, moduleType=web, serviceName=JaxwsWithHandlerChainBeanService moduleName=jaxwsejb, moduleType=web, serviceName=WsdlConcreteService moduleName=jaxwsejb, moduleType=web, serviceName=EchoEJBService moduleName=jaxwsejb, moduleType=web, serviceName=CalculatorService moduleName=jaxwsejb, moduleType=web, serviceName=DoclitWrapperWTJService
The following example for an Oracle Infrastructure web service sets the detail
argument to true
. Sample output is shown in this example. Security policies are shown in bold text.
Note that the reference priority of the globally attached policy is set to 10 and the directly attached policy is not in effect for the endpoint CalculatorPort
in the application jaxwsejb30ws
.
Also, note that the local.policy.reference.source
configuration property is provided for each directly attached policy identifying the source of the attachment. For more information about the local.policy.reference.source
configuration property and a list of valid values, see "Determining the Source of Policy Attachments" in Securing Web Services and Managing
Policies with Oracle Web Services Manager.
wls:/base_domain/serverConfig> listWebServices(detail='true') /base_domain/AdminServer/jaxwsejb30ws : moduleName=jaxwsejb, moduleType=web, serviceName=CalculatorService CalculatorPort http://host.example.com:1234/jaxwsejb/Calculator URI="oracle/wss10_saml20_token_with_message_protection_service_policy", category=security, policy-status=enabled; source=global policy set " MyPolicySet1", scope="DOMAIN('*')"; reference-status=enabled; effective=true Property name="reference.priority", value="10" URI="oracle/mex_request_processing_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true Property name="local.policy.reference.source", value="IMPLIED_FEATURE" URI="oracle/mtom_encode_fault_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true Property name="local.policy.reference.source", value="IMPLIED_FEATURE" URI="oracle/max_request_size_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true Property name="local.policy.reference.source", value="IMPLIED_FEATURE" Property name="max.request.size", value="-1" URI="oracle/request_processing_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true Property name="local.policy.reference.source", value="IMPLIED_FEATURE" URI="oracle/soap_request_processing_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true Property name="local.policy.reference.source", value="IMPLIED_FEATURE" URI="oracle/ws_logging_level_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true Property name="logging.level", value="" Property name="local.policy.reference.source", value="IMPLIED_FEATURE" URI="oracle/test_page_processing_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true Property name="local.policy.reference.source", value="IMPLIED_FEATURE" URI="oracle/wsdl_request_processing_service_policy", category=wsconfig, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true Property name="local.policy.reference.source", value="IMPLIED_FEATURE" URI="oracle/http_saml20_token_bearer_service_policy", category=security, policy-status=enabled; source=local policy set; reference-status=enabled; reference-status=enabled; effective=false Property name="local.policy.reference.source", value="ANNOTATION" The policy subject is secure in this context.
The following example for a Java EE web service sets the detail
argument to true
. Sample output is shown in this example. The output lists all the web services in all applications and composites in the domain.
/base_domain/AdminServer/SimpleJAXWS : moduleName=SimpleJAXWS#1!SimpleEjbService, moduleType=wls, serviceName=SimpleEjbService SimplePort URI="oracle/http_basic_auth_over_ssl_service_policy", category=security, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true Property name="local.policy.reference.source", value="LOCAL_ATTACHMENT" The policy subject is secure in this context. moduleName=SimpleJAXWS#1!SimpleImplService, moduleType=wls, serviceName=SimpleImplService SimplePort has Operation level ws-policy Attached policy or policies are valid; endpoint is not secure.
Parent topic: Web Service and Client Management Commands
setWebServiceClientStubProperties
Note:
This command applies to Oracle Infrastructure web service clients only.
Command Category: Web Service and Client Management
Use with WLST: Online
Description
Configures the set of stub properties of a web service client port for an application or SOA composite.
This command configures or resets all of the stub properties for the OWSM client security policy attached to the client. Each property that you list in the command is set to the value you specify. If a property that was previously set is not explicitly specified in this command, it is reset to the default for the property. If no default exists, the property is removed.
Syntax
setWebServiceClientStubProperties(application, moduleOrCompName, moduleType, serviceRefName, portInfoName, properties)
Argument | Definition |
---|---|
|
Name and path of the application for which you want to reset the web services client port stub properties. For example, To configure or reset the client port stub properties for an application, this argument is required. |
|
Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to reset the web services client port stub properties. To configure or reset client port stub properties for a SOA composite, the composite name is required (for example, |
|
Module type. Valid options are:
|
|
Service reference name of the application or SOA composite for which you want to reset the web service client port stub properties. |
|
The name of the client port for which you want to reset the stub properties. |
|
The list of properties to be set or changed. Properties must be specified using the following format:
For example:
To remove a property or clear the value assigned to it, specify a blank To remove all the properties of the client port, set this argument to Sample client port stub properties are as follows:
|
Example
The following example resets the client port stub properties ROLE
and keystore.recipient.alias
to ADMIN
and orakey
, respectively. Any other properties that were previously set for this client port are either reset to the default or removed. The client port is JRFWssUsernamePort
of the WssUsernameClient
Web module in the /base_domain/server1/jwsclient_1#1.1.0
application. Note that the moduleType
is set to wsconn
, and the serviceRefName
is set to WssUsernameClient
.
wls:/base_domain/serverConfig>setWebServiceClientStubProperties('/base_domain/server1/jwsclient_1#1.1.0', 'WssUsernameClient','wsconn','WssUsernameClient','JRFWssUsernamePort', [("ROLE","ADMIN"),("keystore.recipient.alias","orakey")] )
Parent topic: Web Service and Client Management Commands
setWebServiceClientStubProperty
Command Category: Web Service and Client Management
Use with WLST: Online
Description
Sets, changes, or deletes a single stub property of a web service client port for an application or SOA composite.
Syntax
setWebServiceClientStubProperty(application, moduleOrCompName, moduleType, serviceRefName,portInfoName,propName,[propValue])
Argument | Definition |
---|---|
|
Name and path of the application for which you want to set the web services client port stub property. For example, To set a client port stub property for an application, this argument is required. |
|
Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to set the web services client port stub property. To set a client port stub property for a SOA composite, the composite name is required (for example, |
|
Module type. Valid options are:
|
|
Service reference name of the application or SOA composite for which you want to set the web service client port stub property. |
|
The name of the client port for which you want to set the stub property. |
|
Stub property name that you want to set, change, or delete. For example, |
|
Optional. The stub property value, for example, To remove the property, specify a blank |
Example
The following example sets the client port stub property keystore.recipient.alias
to the value orakey
for the client port JRFWssUsernamePort
. The port is a client port of the WssUsernameClient
Web module in the /base_domain/server1/jwsclient_1#1.1.0
application. Note that the moduleType
is set to wsconn
, and the serviceRefName
is set to WssUsernameClient
.
wls:/base_domain/serverConfig>setWebServiceClientStubProperty ('/base_domain/server1/jwsclient_1#1.1.0','WssUsernameClient','wsconn', 'WssUsernameClient','JRFWssUsernamePort','keystore.recipient.alias','orakey')
Parent topic: Web Service and Client Management Commands
Policy Management Commands
Note:
The policy management commands for Java EE Web Services (or clients) listed in Table 3-7 have been deprecated in this release for Oracle Infrastructure Web Services.
For Oracle Infrastructure web services, to manage OWSM directly attached policies in release 12c, it is recommended that you use the new WLST commands listed in Table 3-6. For a complete list of deprecated commands, see "Deprecated Commands for Oracle Infrastructure Web Services" in Release Notes for Oracle Fusion Middleware Infrastructure.
Use the WLST commands listed in Table 3-6 to manage Oracle Infrastructure and RESTful Web Services direct and global policy attachments.
Table 3-6 Oracle Infrastructure and RESTful Web Services and Clients - WLST Commands for Direct Policy Attachments
Use this command... | To... | Use with WLST... |
---|---|---|
Attach a policy to the selected policy subject or policy set document within a session. |
Online |
|
Attach multiple policies to the selected policy subject or policy set document within a session. |
Online |
|
Detach a policy from the selected policy subject or policy set document within a session. |
Online |
|
Detach multiple policies from the selected policy subject or policy set document within a session. |
Online |
|
Enable or disable multiple policies that are attached to the selected policy subject or policy set document within a session. |
Online |
|
Enable or disable a policy that is attached to the selected policy subject or policy set document within a session. |
Online |
|
Display a list of all the available OWSM policies by category or subject type. |
Online |
|
List web service client port policies information for an application or SOA composite. |
Online |
|
List web service port policy information for a web service in an application or SOA composite. |
Online |
|
Configure override properties for a policy that is attached to the selected policy subject or policy set document within a session. |
Online |
Use the WLST commands listed in Table 3-7 to manage Java EE Web Services (or clients) directly attached policies.
Note:
The commands listed in Table 3-7 have an application
argument.
In an multi-tenant environment, if you intend to target a specific application instance within a tenant's partition, then you must include the partition name as part of the application as follows:
/domain/server/application#version$partition
However, if you are targeting a domain-scoped application, then you do not have to include the partition name. You can use the application
argument as follows:
/domain/server/application#version
Table 3-7 Java EE Web Services (or Clients) - WLST Commands for Direct Policy Attachments
Use this command... | To... | Use with WLST... |
---|---|---|
Attach multiple policies to a web service client port of an application or SOA composite. |
Online |
|
Attach an OWSM policy to a web service client port of an application or SOA composite. |
Online |
|
Attach multiple policies to a web service port of an application or SOA composite. |
Online |
|
Attach a policy to a web service port of an application or SOA composite. |
Online |
|
Detach multiple policies from a web service client port of an application or SOA composite. |
Online |
|
Detach a policy from a web service client port of an application or SOA composite. |
Online |
|
Detach multiple OWSM policies from a web service port of an application or SOA composite |
Online |
|
Detach an OWSM policy from a web service port of an application or SOA composite. |
Online |
|
Enable or disable multiple policies of a web service client port of an application or SOA composite. |
Online |
|
Enable or disable a policy of a web service client port of an application or SOA composite. |
Online |
|
Enable or disable multiple policies attached to a port of a web service application or SOA composite. |
Online |
|
Enable or disable a policy attached to a port of a web service application or SOA composite. |
Online |
|
Display a list of all the available OWSM policies by category or subject type. |
Online |
|
List web service client port policies information for an application or SOA composite. |
Online |
|
List web service port policy information for a web service in an application or SOA composite. |
Online |
- attachWebServiceClientPolicies
- attachWebServiceClientPolicy
- attachWebServicePolicies
- attachWebServicePolicy
- attachWSMPolicies
- attachWSMPolicy
- detachWebServiceClientPolicies
- detachWebServiceClientPolicy
- detachWebServicePolicies
- detachWebServicePolicy
- detachWSMPolicies
- detachWSMPolicy
- enableWebServiceClientPolicies
- enableWebServiceClientPolicy
- enableWebServicePolicies
- enableWebServicePolicy
- enableWSMPolicies
- enableWSMPolicy
- listAvailableWebServicePolicies
- listWebServiceClientPolicies
- listWebServicePolicies
- setWebServicePolicyOverride
- setWSMPolicyOverride
Parent topic: Web Services Custom WLST Commands
attachWebServiceClientPolicies
Note:
Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure web services.
For Oracle Infrastructure Web Services, this command has been deprecated. It is recommended that you use the attachWSMPolicies
command, as described in "attachWSMPolicies". The following examples show how to migrate to use the attachWSMPolicies
command.
11g Release:
wls:/wls-domain/serverConfig>attachWebServiceClientPolicies ('/base_domain/server1/jwsclient_1#1.1.0','WssUsernameClient','wsconn', 'WssUsernameClient','JRFWssUsernamePort',["oracle/wss_username_token_client_policy","oracle/log_policy"])
12c Release:
wls:/wls-domain/serverConfig>attachWSMPolicies(["oracle/wss_username_token_client_policy","oracle/log_policy"])
Command Category: Policy Management
Use with WLST: Online
Description
Attaches multiple policies to a web service client port of an application or SOA composite.
The policyURIs
are validated through the OWSM Policy Manager APIs if the wsm-pm
application is installed on WebLogic Server and is available.
For Java EE (wls
) module types only: If the policies that you specify in this command are already attached or exist, then this command enables the policies that are already attached (if they are disabled), and attaches the others.
If the wsm-pm
application is not installed or is not available, this command is not executed.
Note:
Policy changes made using this WLST command are only effective after you restart your application.
Syntax
attachWebServiceClientPolicies(application,moduleOrCompName,moduleType, serviceRefName,portInfoName,policyURIs,[subjectType=None] )
Argument | Definition |
---|---|
|
Name and path of the application for which you want to attach OWSM client policies to the web service client port. For example, To attach policies to a client port of a web service application, this argument is required. |
|
Name of the Web module or SOA composite (for example, To attach policies to a client port of a SOA composite, the composite name is required (for example, |
|
Module type. Valid options are:
Note: The |
|
The service reference name of the application or composite. |
|
The client port to which you want to attach the OWSM client policy. |
|
The OWSM policy name URIs, for example, If the policies that you specify in this command are already attached or exist, then this command enables the policies that are already attached (if they are disabled), and attaches the others. |
|
Optional. Policy subject type. Valid options are:
|
Examples
The following example attaches the policy oracle/log_policy
to the client port HelloWorld_pt
in the SOA composite default/HelloWorld[1.0]
.
wls:/wls-domain/serverConfig>attachWebServiceClientPolicies (None, 'default/HelloWorld[1.0]','soa','client','HelloWorld_pt',["oracle/wss_username_token_client_policy","oracle/log_policy"])
The following example attaches the policies oracle/wss10_saml20_token_client_policy
and oracle/wss11_message_protection_client_policy
to the client port UpperCaseImplPort
in the Java EE Web module owsm_mbean.resouce_pattern.web.ClientJWS/sei2
.
wls:/wls-domain/serverConfig>attachWebServiceClientPolicies
('/wls-domain/AdminServer/ClientJWS','owsm_mbean.resouce_pattern.web.ClientJWS/sei2','wls','owsm_mbean.resouce_pattern.web.ClientJWS/sei2','UpperCaseImplPort',["oracle/wss10_saml20_token_client_policy","oracle/wss11_message_protection_client_policy"])
Parent topic: Policy Management Commands
attachWebServiceClientPolicy
Note:
Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure Web Services.
For Oracle Infrastructure Web Services, it is recommended that you use the attachWSMPolicy
command, as described in "attachWSMPolicy". The following examples show how to migrate to use the attachWSMPolicy
command.
11g Release:
wls:/wls-domain/serverConfig>attachWebServiceClientPolicy ('/base_domain/server1/jwsclient_1#1.1.0','WssUsernameClient','wsconn', 'WssUsernameClient','JRFWssUsernamePort',"oracle/wss_username_token_client_policy")
12c:
wls:/wls-domain/serverConfig>attachWSMPolicy("oracle/wss_username_token_client_policy")
Command Category: Policy Management
Use with WLST: Online
Description
Attaches an OWSM policy to a web service client port of an application or SOA composite.
The policyURI is validated through the OWSM Policy Manager APIs if the wsm-pm
application is installed on WebLogic Server and is available.
For Java EE (wls
) module types only: If the PolicyURI that you specify in this command already is attached or exists, then this command enables the policy if it is disabled.
If the wsm-pm
application is not installed or is not available, this command is not executed.
Note:
Policy changes made using this WLST command are only effective after you restart your application.
Syntax
attachWebServiceClientPolicy(application,moduleOrCompName,moduleType, serviceRefName, portInfoName, policyURI, [subjectType=None] )
Argument | Definition |
---|---|
|
Name and path of the application for which you want to attach a policy to the web service client port. For example, To attach a policy to a client port of a web service application, this argument is required. |
|
Name of the Web module or SOA composite (for example, To attach a policy to a client port of a SOA composite, the composite name is required (for example, |
|
Module type. Valid options are:
Note: The |
|
The service reference name of the application or composite. |
|
The client port to which you want to attach the OWSM client policy. |
|
The OWSM policy name URI, for example, If the policy that you specify is already attached or exists, then this command enables the policy if it is disabled. |
|
Optional. Policy subject type. Valid options are:
|
Examples
The following example attaches the client policy oracle/log_policy
to the client port HelloWorld_pt
in the SOA composite default/HelloWorld[1.0]
.
wls:/wls-domain/serverConfig>attachWebServiceClientPolicy (None, 'default/HelloWorld[1.0]','soa','client','HelloWorld_pt','oracle/log_policy')
The following example attaches the oracle/wss_username_token_client_policy
client policy to the Java EE web service client port UpperCaseImplPort
of the Web module owsm_mbean.resouce_pattern.web.ClientJWS/sei2
. The web service is part of the application ClientJWS
.
wls:/wls-domain/serverConfig> attachWebServiceClientPolicy ('/wls-domain/AdminServer/ClientJWS','owsm_mbean.resouce_pattern.web.ClientJWS/sei2', 'wls','owsm_mbean.resouce_pattern.web.ClientJWS/sei2', 'UpperCaseImplPort', "oracle/wss_username_token_client_policy")
Parent topic: Policy Management Commands
attachWebServicePolicies
Note:
Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure Web Services.
For Oracle Infrastructure Web Services, it is recommended that you use the attachWSMPolicies
command, as described in "attachWSMPolicies". The following examples show how to migrate to use the attachWSMPolicies
command.
11g Release:
wls:/wls-domain/serverConfig> attachWebServicePolicies ('/base_domain/server1/HelloWorld#1_0','j2wbasicPolicy','web', '{http://namespace/}WssUsernameService','JRFWssUsernamePort', ["oracle/log_policy", "oracle/wss_username_token_service_policy"])
12c Release:
wls:/wls-domain/serverConfig> attachWSMPolicies["oracle/log_policy", "oracle/wss_username_token_service_policy"])
Command Category: Policy Management
Use with WLST: Online
Description
Attaches multiple policies to a web service port of an application or SOA composite.
The policyURIs
are validated through the OWSM Policy Manager APIs if the wsm-pm
application is installed on WebLogic Server and is available.
For Java EE (wls
) module types only: if any of the policies that you specify in this command are already attached or exist, then this command enables the policies that are already attached (if they are disabled), and attaches the others.
If the wsm-pm
application is not installed or is not available, this command is not executed.
Note:
Policy changes made using this WLST command are only effective after you restart your application.
Syntax
attachWebServicePolicies(application, moduleOrCompName, moduleType, serviceName, subjectName,policyURIs,[subjectType=None])
Argument | Definition |
---|---|
|
Name and path of the application to which you want to attach the web service policies. For example, To attach the policies to a port of a web service application, this argument is required. |
|
Name of the Web module or SOA composite (for example, To attach the policies to a port of a SOA composite, the composite name is required (for example, |
|
Module type. Valid options are:
Note: The |
|
Name of the web service in the application or SOA composite. For example, {http://namespace/}serviceName. Note that the namespace ( |
|
Name of the policy subject, port, or operation. |
|
List of OWSM policy name URIs, for example, If any of the policies that you specify are already attached or exist, then this command enables the policies that are already attached (if they are disabled), and attaches the others. |
|
Optional. Policy subject type. Valid options are:
|
Example
The following example attaches the policies 'oracle/binding_authorization_denyall_policy', 'oracle/wss_username_token_service_policy'
to the port helloWorldJaxwsSoapHttpPort
of the Web module helloWorldJaxws
. The Java EE web service is part of the application helloWorldJaxws
for the server AdminServer
in the domain wls-domain
.
wls:wls-domain/ServerConfig>attachWebServicePolicies ('/wls-domain/AdminServer/helloWorldJaxws','helloWorldJaxws#1!helloWorldJaxws', 'wls','helloWorldJaxws', 'helloWorldJaxwsSoapHttpPort, ['oracle/binding_authorization_denyall_policy', 'oracle/wss_username_token_service_policy'])
Parent topic: Policy Management Commands
attachWebServicePolicy
Note:
Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure Web Services.
For Oracle Infrastructure Web Services, it is recommended that you use the attachWSMPolicy
command, as described in "attachWSMPolicy". The following examples show how to migrate to use the attachWSMPolicy
command.
11g Release:
wls:/wls-domain/serverConfig> attachWebServicePolicy ('/base_domain/server1/HelloWorld#1_0','j2wbasicPolicy','web', '{http://namespace/}WssUsernameService','JRFWssUsernamePort','oracle/wss_username_token_service_policy')
12c Release:
wls:/wls-domain/serverConfig> attachWSMPolicy('oracle/wss_username_token_service_policy')
Command Category: Policy Management
Use with WLST: Online
Description
Attaches a policy to a web service port of an application or SOA composite.
The policyURI is validated through the OWSM Policy Manager APIs if the wsm-pm
application is installed on WebLogic Server and is available.
For Java EE (wls
) module types only: If the PolicyURI that you specify in this command already is attached or exists, then this command enables the policy if it is disabled.
If the wsm-pm
application is not installed or is not available, this command is not executed.
Note:
Policy changes made using this WLST command are only effective after you restart your application.
Syntax
attachWebServicePolicy(application, moduleOrCompName, moduleType, serviceName, subjectName, policyURI, [subjectType=None])
Argument | Definition |
---|---|
|
Name and path of the application to which you want to attach a web service policy. For example, To attach a policy to a port of a web service application, this argument is required. |
|
Name of the Web module or SOA composite (for example, To attach a policy to a port of a SOA composite, the composite name is required (for example, |
|
Module type. Valid options are:
Note: The |
|
Name of the web service in the application or SOA composite. For example, |
|
Name of the policy subject, port, or operation. |
|
OWSM policy name URI, for example, |
|
Optional. Policy subject type. Valid options are:
|
Examples
The following example attaches the policy oracle/log_policy
to the port HelloWorld_pt
of the service HelloService
in the SOA composite default/HelloWorld[1.0]
. Note that the namespace ({http://namespace/}
) should not be included for a SOA composite.
wls:/wls-domain/serverConfig>attachWebServicePolicy(None, 'default/HelloWorld[1.0]','soa','HelloService','HelloWorld_pt','oracle/log_policy')
The following example attaches the policy oracle/wss_username_token_service_policy
to the port helloWorldJaxwsSoapHttpPort
of the Java EE web service helloWorldJaxws
.
wls:wls-domain/serverConfig> attachWebServicePolicy ('/wls-domain/AdminServer/helloWorldJaxws','helloWorldJaxws#1!helloWorldJaxws', 'wls','helloWorldJaxws', 'helloWorldJaxwsSoapHttpPort', 'oracle/wss_username_token_service_policy')
A web service cannot contain both a WebLogic web service policy and an Oracle web service policy. If you have a web service with a WebLogic web service policy, you must first detach it before attaching the Oracle web service policy. The following example detaches the WebLogic web service policy Wssp1.2-2007-Saml2.0-SenderVouches-Wss1.1.xml
from the port SimplePort
in the Java EE web service SimpleEjbService
and then attaches the Oracle web service policy oracle/wss_username_token_service_policy
.
wls:wls-domain/serverConfig>detachWebServicePolicy('/wls-domain/AdminServer/SimpleJAXWS','SimpleJAXWS#1!SimpleEjbService', 'wls','SimpleEjbService', 'SimplePort','policy:Wssp1.2-2007-Saml2.0-SenderVouches-Wss1.1.xml')
wls:wls-domain/serverConfig>attachWebServicePolicy('/wls-domain/AdminServer/SimpleJAXWS','SimpleJAXWS#1!SimpleEjbService', 'wls','SimpleEjbService', 'SimplePort', 'oracle/wss_username_token_service_policy')
Note:
The detachWebServicePolicy
WLST command allows you to detach WebLogic web service policies from a web service. However, you cannot use the attachWebServicePolicy
WLST command to attach WebLogic web service policies. To attach WebLogic web service policies to a web service, you must use the WebLogic Administration Console.
Parent topic: Policy Management Commands
attachWSMPolicies
Note:
This command applies to Oracle Infrastructure and RESTful web services. It does not apply to Java EE web services in this release.
Command Category: Policy Management
Use with WLST: Online
Description
Within a session, attaches multiple policies, identified by specified the URIs, to the selected policy subject.
You must start a session and select the policy set (selectWSMPolicySet
) or policy subject (selectWSMPolicySubject
) before initiating the command. However, if attachWSMPolicies
is issued when creating or cloning a policy set, there is no need to select the policy set because it is already selected. If there is no current session and no policy subject selected, an error is displayed.
Syntax
attachWSMPolicies(uris, [raiseError='true|false'])
Element | Description |
---|---|
|
List of OWSM policy name URIs, for example, |
|
Optional. When set to |
Examples
The following example attaches the policies oracle/log_policy
and oracle/wss_username_token_service_policy
. It assumes that you have already selected a policy subject.
wls:/wls-domain/serverConfig>attachWSMPolicies(["oracle/log_policy", "oracle/wss_username_token_service_policy"])
Parent topic: Policy Management Commands
attachWSMPolicy
Note:
This command applies to Oracle Infrastructure and RESTful web services. It does not apply to Java EE web services in this release.
Command Category: Policy Management
Use with WLST: Online/offline
Description
Within a session, attaches a policy, identified by the specified URI, to the selected policy subject or policy set.
You must start a session and select the policy set (selectWSMPolicySet
) or policy subject (selectWSMPolicySubject
) before initiating the command. However, if attachWSMPolicy
is issued when creating or cloning a policy set, there is no need to select the policy set because it is already selected. If there is no current session and no policy subject is selected, an error is displayed.
Syntax
attachWSMPolicy(uri, [raiseError='true|false'])
Argument | Definition |
---|---|
|
OWSM policy name URI, for example, |
|
Optional. When set to |
Examples
The following example attaches the policy oracle/wss_username_token_service_policy
. It assumes that you have already selected a web service port, a web service client port, or a current policy set.
wls:/wls-domain/serverConfig>attachWSMPolicy('oracle/wss_username_token_service_policy')
Parent topic: Policy Management Commands
detachWebServiceClientPolicies
Note:
Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure Web Services.
For Oracle Infrastructure Web Services, it is recommended that you use the detachWSMPolicies
command, as described in "detachWSMPolicies". The following examples show how to migrate to use the detachWSMPolicies
command.
11g Release:
wls:/wls-domain/serverConfig>detachWebServiceClientPolicies ('/base_domain/server1/jwsclient_1#1.1.0','WssUsernameClient','wsconn', 'WssUsernameClient','JRFWssUsernamePort', ["oracle/log_policy","oracle/wss_username_token_client_policy"])
12c Release:
wls:/wls-domain/serverConfig>detachWSMPolicies(["oracle/log_policy","oracle/wss_username_token_client_policy"])
Command Category: Policy Management
Use with WLST: Online
Description
Detaches multiple policies from a web service client port of an application or SOA composite.
Note:
Policy changes made using this WLST command are only effective after you restart your application.
Syntax
detachWebServiceClientPolicies(application,moduleOrCompName,moduleType, serviceRefName,portInfoName,policyURIs,[subjectType=None] )
Argument | Definition |
---|---|
|
Name and path of the application for which you want to detach multiple policies from a web service client port. For example, To detach multiple policies from a client port of a web service application, this argument is required. |
|
Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to detach multiple policies from a client port. To detach multiple policies from a client port for a SOA composite, the composite name is required (for example, |
|
Module type. Valid options are:
Note: The |
|
The service reference name of the application or composite. |
|
The client port from which you want to detach the OWSM client policy. |
|
The OWSM policy name URI, for example, If the policy specified is not attached, an error message is displayed and/or an exception is thrown. |
|
Optional. Policy subject type. Valid options are:
|
Example
The following example detaches the client policies oracle/wss10_saml20_token_client_policy
and oracle/wss11_message_protection_client_policy
of the port UpperCaseImplPort
of the Java EE web service module owsm_mbean.resouce_pattern.web.ClientJWS/sei2
.
wls:/wls-domain/serverConfig>detachWebServiceClientPolicies('/wls-domain/AdminServer/ClientJWS','owsm_mbean.resouce_pattern.web.ClientJWS/sei2','wls','owsm_mbean.resouce_pattern.web.ClientJWS/sei2','UpperCaseImplPort',["oracle/wss10_saml20_token_client_policy","oracle/wss11_message_protection_client_policy"])
Parent topic: Policy Management Commands
detachWebServiceClientPolicy
Note:
Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure Web Services.
For Oracle Infrastructure Web Services, it is recommended that you use the detachWSMPolicy
command, as described in "detachWSMPolicy". The following examples show how to migrate to use the detachWSMPolicy
command.
11g Release:
wls:/wls-domain/serverConfig>detachWebServiceClientPolicy ('/base_domain/server1/jwsclient_1#1.1.0','WssUsernameClient','wsconn', 'WssUsernameClient','JRFWssUsernamePort','oracle/wss_username_token_client_policy')
12c Release:
wls:/wls-domain/serverConfig>detachWSMPolicy('oracle/wss_username_token_client_policy')
Command Category: Policy Management
Use with WLST: Online
Description
Detaches a policy from a web service client port of an application or SOA composite.
Note:
Policy changes made using this WLST command are only effective after you restart your application.
Syntax
detachWebServiceClientPolicy(application,moduleOrCompName,moduleType, serviceRefName, portInfoName, policyURI, [subjectType=None] )
Argument | Definition |
---|---|
|
Name and path of the application for which you want to detach a policy from a web service client port. For example, To detach a policy from a client port of a web service application, this argument is required. |
|
Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to detach the policy from a client port. To detach a policy from a client port of a SOA composite, the composite name is required (for example, |
|
Module type. Valid options are:
Note: The |
|
The service reference name of the application or composite. |
|
The client port from which you want to detach the OWSM client policy. |
|
The OWSM policy name URI, for example, If the policy specified is not attached, an error message is displayed and/or an exception is thrown. |
|
Optional. Policy subject type. Valid options are:
|
Examples
The following example detaches the client policy oracle/log_policy
from the client port HelloWorld_pt
in the SOA composite default/HelloWorld[1.0]
.
wls:/wls-domain/serverConfig>detachWebServiceClientPolicy(None, 'default/HelloWorld[1.0]','soa','client','HelloWorld_pt','oracle/log_policy' )
The following command detaches the client policy oracle/wss_username_token_client_policy
from the client port UpperCaseImplPort
in the Java EE client module wsm_mbean.resouce_pattern.web.ClientJWS/sei2
.
wls:/wls-domain/serverConfig> detachWebServiceClientPolicy('/wls-domain/AdminServer/ClientJWS', 'owsm_mbean.resouce_pattern.web.ClientJWS/sei2', 'wls', 'owsm_mbean.resouce_pattern.web.ClientJWS/sei2', 'UpperCaseImplPort', "oracle/wss_username_token_client_policy")
Parent topic: Policy Management Commands
detachWebServicePolicies
Note:
Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure Web Services.
For Oracle Infrastructure Web Services, it is recommended that you use the detachWSMPolicies
command, as described in "detachWSMPolicies". The following examples show how to migrate to use the detachWSMPolicies
command.
11g Release:
wls:/wls-domain/serverConfig>detachWebServicePolicies ('/base_domain/server1/HelloWorld#1_0','j2wbasicPolicy','web', '{http://namespace/}WssUsernameService','JRFWssUsernamePort', ["oracle/log_policy","oracle/wss_username_token_service_policy"])
12c Release:
wls:/wls-domain/serverConfig>detachWSMPolicies(["oracle/log_policy","oracle/wss_username_token_service_policy"])
Command Category: Policy Management
Use with WLST: Online
Description
Detaches multiple OWSM policies from a web service port of an application or SOA composite.
If the wsm-pm
application is not installed or is not available, this command is not executed.
Note:
Policy changes made using this WLST command are only effective after you restart your application.
Syntax
detachWebServicePolicies(application, moduleOrCompName, moduleType, serviceName, subjectName, policyURIs,[subjectType=None])
Argument | Definition |
---|---|
|
Name and path of the application from which you want to detach the web service policies. For example, To detach policies from a port of a web service application, this argument is required. |
|
Name of the Web module or SOA composite (for example, HelloWorld[1.0]) from which you want to detach the web service policies. To detach policies from a port of a SOA composite, the composite name is required (for example, |
|
Module type. Valid options are:
Note: The |
|
Name of the web service in the application or SOA composite. For example, {http://namespace/}serviceName. Note that the namespace ({http://namespace/}) should not be included for a SOA composite. |
|
Name of the policy subject, port, or operation. |
|
List of OWSM policy name URIs, for example, If a policyURI specified is not attached, an error message is displayed and/or an exception is thrown. |
|
Optional. Policy subject type. Valid options are:
|
Example
The following example detaches the policies "oracle/binding_authorization_denyall_policy", "oracle/wss_username_token_service_policy"
from the port helloWorldJaxwsSoapHttpPort
of the Java EE Web module helloWorldJaxws
. The web service is part of the application helloWorldJaxws
for the server AdminServer
in the domain wls-domain
.
wls:/wls-domain/serverConfig>detachWebServicePolicies ('/wls-domain/AdminServer/helloWorldJaxws','helloWorldJaxws#1!helloWorldJaxws', 'wls','helloWorldJaxws', 'helloWorldJaxwsSoapHttpPort', ["oracle/binding_authorization_denyall_policy", "oracle/wss_username_token_service_policy"])
Parent topic: Policy Management Commands
detachWebServicePolicy
Note:
Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure Web Services.
For Oracle Infrastructure Web Services, it is recommended that you use the detachWSMPolicy
command, as described in "detachWSMPolicy". The following examples show how to migrate to use the detachWSMPolicy
command.
11g Release:
wls:/wls-domain/serverConfig>detachWebServicePolicy('/base_domain/server1/HelloWorld#1_0','j2wbasicPolicy','web','{http://namespace/}WssUsernameService','JRFWssUsernamePort','oracle/wss_username_token_service_policy')
12c Release:
wls:/wls-domain/serverConfig>detachWSMPolicy('oracle/wss_username_token_service_policy')
Command Category: Policy Management
Use with WLST: Online
Description
Detaches an OWSM policy from a web service port of an application or SOA composite.
Note:
Policy changes made using this WLST command are only effective after you restart your application.
Syntax
detachWebServicePolicy(application, moduleOrCompName, moduleType, serviceName, subjectName, policyURI, [subjectType=None])
Argument | Definition |
---|---|
|
Name and path of the application from which you want to detach a web service policy. For example, To detach a policy from a port of a web service application, this argument is required. |
|
Name of the Web module or SOA composite (for example, HelloWorld[1.0]) from which you want to detach a web service policy. To detach a policy from a port of a SOA composite, the composite name is required (for example, |
|
Module type. Valid options are:
Note: The |
|
Name of the web service in the application or SOA composite. For example, {http://namespace/}serviceName. Note that the namespace ({http://namespace/}) should not be included for a SOA composite. |
|
Name of the policy subject, port, or operation. |
|
OWSM policy name URI, for example, If the policy specified is not attached, an error message is displayed and/or an exception is thrown. |
|
Optional. Policy subject type. Valid options are:
|
Examples
The following example detaches the policy oracle/log_policy
from the port HelloWorld_pt
of the service HelloService
in the SOA composite default/HelloWorld[1.0]
. Note that the namespace ({http://namespace/}
) should not be included for a SOA composite.
wls:/wls-domain/serverConfig>detachWebServicePolicy(None, 'default/HelloWorld[1.0]', 'soa','HelloService','HelloWorld_pt','oracle/log_policy')
The following example detaches the policy oracle/wss_username_token_service_policy
from the port helloWorldJaxwsSoapHttpPort
of the service helloWorldJaxws
in the Java EE web service wls-domain/AdminServer/helloWorldJaxws
.
wls:/wls-domain/serverConfig>detachWebServicePolicy ('/wls-domain/AdminServer/helloWorldJaxws','helloWorldJaxws#1!helloWorldJaxws', 'wls','helloWorldJaxws', 'helloWorldJaxwsSoapHttpPort', 'oracle/wss_username_token_service_policy')
Parent topic: Policy Management Commands
detachWSMPolicies
Note:
This command applies to Oracle Infrastructure and RESTful web services. It does not apply to Java EE web services in this release.
Command Category: Policy Management
Use with WLST: Online
Description
Within a session, detaches multiple policies, identified by an array of URIs or index values, from the selected policy subject.
You must start a session and select the policy set (selectWSMPolicySet
) or policy subject (selectWSMPolicySubject
) before initiating the command. If there is no current session and no policy subject selected, an error is displayed.
Syntax
detachWSMPolicies(uris, [raiseError='true|false'])
Argument | Definition |
---|---|
|
Array of URIs or index values specifying the policies to detach from a policy subject. For example, If the specified policy URIs are not attached, an error message is displayed and/or an exception is thrown. |
|
Optional. When set to |
Examples
The following example detaches the OWSM logging policy and username token service policy from the current policy subject:
wls:/wls-domain/serverConfig>detachWSMPolicies(["oracle/log_policy","oracle/wss_username_token_service_policy"])
The following example uses the index values of the OWSM logging policy and username token service URIs to detach them from the current policy subject
wls:/wls-domain/serverConfig>detachWSMPolicies('1','3')
Parent topic: Policy Management Commands
detachWSMPolicy
Note:
This command applies to Oracle Infrastructure and RESTful web services. It does not apply to Java EE web services in this release.
Command Category: Policy Management
Use with WLST: Online
Description
Within a session, detaches a policy, identified by the specified URI or index value, from the selected policy subject.
You must start a session and select the policy set (selectWSMPolicySet
) or policy subject (selectWSMPolicySubject
) before initiating the command. If there is no current session and no policy subject selected, an error is displayed
Issuing this command outside of a session containing a policy subject that is being created or modified will result in an error.
Syntax
detachWSMPolicy(uri, [raiseError='true|false'])
Argument | Definition |
---|---|
|
URI or index value specifying the policy to detach from a policy subject. For example, If the specified policy URI is not attached, an error message is displayed and/or an exception is thrown. |
|
Optional. When set to |
Examples
The following example detaches the OWSM logging policy from the current policy subject.
wls:/wls-domain/serverConfig>detachWSMPolicy('oracle/log_policy')
The following example uses the index value of the OWSM logging policy's URI to detach it from the current policy subject.
wls:/wls-domain/serverConfig>detachWSMPolicy('1')
Parent topic: Policy Management Commands
enableWebServiceClientPolicies
Note:
Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure Web Services.
For Oracle Infrastructure Web Services, it is recommended that you use the enableWSMPolicies
command, as described in "enableWSMPolicies". The following examples show how to migrate to use the enableWSMPolicies
command.
11g Release:
wls:/wls-domain/serverConfig>enableWebServiceClientPolicies ('/base_domain/server1/jwsclient_1#1.1.0','WssUsernameClient','wsconn', 'WssUsernameClient','JRFWssUsernamePort', ["oracle/log_policy", "oracle/wss_username_token_client_policy"], true )
12c Release:
wls:/wls-domain/serverConfig>enableWSMPolicies(["oracle/log_policy", "oracle/wss_username_token_client_policy"], true )
Command Category: Policy Management
Use with WLST: Online
Description
Enables or disables multiple policies of a web service client port of an application or SOA composite.
Note:
Policy changes made using this WLST command are only effective after you restart your application
Syntax
enableWebServiceClientPolicies(application,moduleOrCompName,moduleType, serviceRefName,portInfoName,policyURIs,[enable],[subjectType=None] )
Argument | Definition |
---|---|
|
Name and path of the application for which you want to enable or disable multiple policies of a web service client port. For example, To enable or disable multiple policies of a client port of a web service application, this argument is required. |
|
Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to enable or disable multiple policies of a client port. To enable or disable multiple policies of a client port for a SOA composite, the composite name is required (for example, |
|
Module type. Valid options are:
Note: The |
|
The service reference name of the application or composite. |
|
The name of the client port to which you want to attach the OWSM client policies. |
|
The list of OWSM policy name URIs, for example, |
|
Optional. Specifies whether to enable or disable the policies. Valid options are:
If you omit this argument, the policies are enabled. |
|
Optional. Policy subject type. Valid options are:
|
Example
The following example enables the client policies oracle/wss10_saml20_token_client_policy
and oracle/wss11_message_protection_client_policy
of the port UpperCaseImplPort
of the Java EE web service module owsm_mbean.resouce_pattern.web.ClientJWS/sei2
.
wls:/wls-domain/serverConfig>enableWebServiceClientPolicies('/wls-domain/AdminServer/ClientJWS','owsm_mbean.resouce_pattern.web.ClientJWS/sei2','wls','owsm_mbean.resouce_pattern.web.ClientJWS/sei2','UpperCaseImplPort',["oracle/wss10_saml20_token_client_policy","oracle/wss11_message_protection_client_policy"], true)
Parent topic: Policy Management Commands
enableWebServiceClientPolicy
Note:
Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure Web Services.
For Oracle Infrastructure Web Services, it is recommended that you use the enableWSMPolicy
command, as described in "enableWSMPolicy". The following examples show how to migrate to use the enableWSMPolicy
command.
11g Release:
wls:/wls-domain/serverConfig>enableWebServiceClientPolicy ('/base_domain/server1/jwsclient_1#1.1.0','WssUsernameClient','wsconn', 'WssUsernameClient','JRFWssUsernamePort', "oracle/wss_username_token_client_policy",true)
12c Release:
wls:/wls-domain/serverConfig>enableWSMPolicy("oracle/wss_username_token_client_policy",true)
Command Category: Policy Management
Use with WLST: Online
Description
Enables or disables a policy of a web service client port of an application or SOA composite.
Note:
Policy changes made using this WLST command are only effective after you restart your application.
Syntax
enableWebServiceClientPolicy(application,moduleOrCompName,moduleType, serviceRefName,portInfoName,policyURI,[enable],[subjectType=None] )
Argument | Definition |
---|---|
|
Name and path of the application for which you want to enable or disable a policy of a web service client port. For example, To enable or disable a policy of a client port of a web service application, this argument is required. |
|
Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to enable or disable a policy of a client port. To enable or disable a policy of a client port for a SOA composite, the composite name is required (for example, |
|
Module type. Valid options are:
Note: The |
|
The service reference name of the application or composite. |
|
The name of the client port to which you want to attach the OWSM client policy. |
|
The OWSM policy name URI, for example, |
|
Optional. Specifies whether to enable or disable the policy. Valid options are:
If you omit this argument, the policy is enabled. |
|
Optional. Policy subject type. Valid options are:
|
Examples
The following example enables the client policy oracle/log_policy
of the client port HelloWorld_pt
in the SOA composite default/HelloWorld[1.0]
.
wls:/wls-domain/serverConfig>enableWebServiceClientPolicy(None, 'default/HelloWorld[1.0]','soa','client','HelloWorld_pt','oracle/log_policy')
The following example disables the client policy oracle/log_policy
of the client port HelloWorld_pt
in the SOA composite default/HelloWorld[1.0]
.
wls:/wls-domain/serverConfig>enableWebServiceClientPolicy(None, 'default/HelloWorld[1.0]','soa','client','HelloWorld_pt','oracle/log_policy', false )
The following example disables the client policy oracle/wss_username_token_client_policy
on the client port UpperCaseImplPort
in the Java EE Web module owsm_mbean.resouce_pattern.web.ClientJWS/sei2
.
wls:/wls-domain/serverConfig>enableWebServiceClientPolicy('/wls-domain/AdminServer/ClientJWS', 'owsm_mbean.resouce_pattern.web.ClientJWS/sei2', 'wls', 'owsm_mbean.resouce_pattern.web.ClientJWS/sei2', 'UpperCaseImplPort', "oracle/wss_username_token_client_policy", false)
Parent topic: Policy Management Commands
enableWebServicePolicies
Note:
Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure Web Services.
For Oracle Infrastructure Web Services, it is recommended that you use the enableWSMPolicies
command, as described in "enableWSMPolicies". The following examples show how to migrate to use the enableWSMPolicies
command.
11g Release:
wls:/wls-domain/serverConfig> enableWebServicePolicies ('/base_domain/server1/HelloWorld#1_0','j2wbasicPolicy','web', '{http://namespace/}WssUsernameService','JRFWssUsernamePort',["oracle/log_policy", "oracle/wss_username_token_service_policy"],true)
12c Release:
wls:/wls-domain/serverConfig> enableWSMPolicies(["oracle/log_policy","oracle/wss_username_token_service_policy"],true)
Command Category: Policy Management
Use with WLST: Online
Description
Enables or disables multiple policies attached to a port of a web service application or SOA composite.
If the policyURIs
that you specify in this command are not attached to the port, an error message is displayed and/or an exception is thrown.
Note:
Policy changes made using this WLST command are only effective after you restart your application.
Syntax
enableWebServicePolicies(application, moduleOrCompName, moduleType, serviceName, subjectName, policyURIs,[enable],[subjectType=None] ))
Argument | Definition |
---|---|
|
Name and path of the application for which you want to enable the web service policies. For example, To enable policies that are attached to a port of a web service application, this argument is required. |
|
Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to enable web service policies. To enable policies that are attached to a port of a SOA composite, the composite name is required (for example, |
|
Module type. Valid options are:
Note: The |
|
Name of the web service in the application or SOA composite.For example, { |
|
Name of the policy subject, port, or operation. |
|
List of OWSM policy name URIs, for example, If the |
|
Optional. Specifies whether to enable or disable the policies. Valid options are:
If you omit this argument, the policies are enabled. |
|
Optional. Policy subject type. Valid options are:
|
Example
The following example disables the policies ["oracle/binding_authorization_denyall_policy","oracle/wss_username_token_service_policy"]
attached to the port helloWorldJaxwsSoapHttpPort
of the Web module helloWorldJaxws#1!helloWorldJaxws
. The web service is part of the application helloWorldJaxws
for the server AdminServer
in the domain wls-domain
.
wls:/wls-domain/serverConfig>enableWebServicePolicies ('/wls-domain/AdminServer/helloWorldJaxws','helloWorldJaxws#1!helloWorldJaxws', 'wls','helloWorldJaxws', 'helloWorldJaxwsSoapHttpPort', ["oracle/binding_authorization_denyall_policy", "oracle/wss_username_token_service_policy"], false
)
Parent topic: Policy Management Commands
enableWebServicePolicy
Note:
Use this command for Java EE Web Services (or clients) only. It has been deprecated for Oracle Infrastructure Web Services.
For Oracle Infrastructure Web Services, it is recommended that you use the enableWSMPolicy
command, as described in "enableWSMPolicy". The following examples show how to migrate to use the enableWSMPolicy
command.
11g Release:
wls:/wls-domain/serverConfig>enableWebServicePolicy ('/base_domain/server1/HelloWorld#1_0','j2wbasicPolicy','web', '{http://namespace/}WssUsernameService','JRFWssUsernamePort',"oracle/wss_username_token_service_policy",true)
12c Release:
wls:/wls-domain/serverConfig>enableWSMPolicy("oracle/wss_username_token_service_policy",true)
Command Category: Policy Management
Use with WLST: Online
Description
Enables or disables a policy attached to a port of a web service application or SOA composite.
If the policy that you specify in this command is not attached to the port, an error message is displayed and/or an exception is thrown.
Note:
Policy changes made using this WLST command are only effective after you restart your application.
Syntax
enableWebServicePolicy(application, moduleOrCompName, moduleType, serviceName, subjectName, policyURI, [enable], [subjectType=None] ))
Argument | Definition |
---|---|
|
Name and path of the application for which you want to enable a web service policy. For example, To enable a policy that is attached to a port of a web service application, this argument is required. |
|
Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to enable a web service policy. To enable a policy that is attached to a port of a SOA composite, the composite name is required (for example, |
|
Module type. Valid options are:
Note: The |
|
Name of the web service in the application or SOA composite. For example, { |
|
Name of the policy subject, port, or operation. |
|
OWSM policy name URI, for example, If the policy that you specify is not attached, an error message is displayed and/or an exception is thrown. |
|
Optional. Specifies whether to enable or disable the policy. Valid options are:
If you omit this argument, the policy is enabled. |
|
Optional. Policy subject type. Valid options are:
|
Examples
The following example enables the policy oracle/log_policy
attached to the port HelloWorld_pt
for the service HelloService
in the SOA composite default/HelloWorld[1.0]
. Note that the namespace ({http://namespace/}
) should not be included for a SOA composite.
wls:/wls-domain/serverConfig>enableWebServicePolicy(None, 'default/HelloWorld[1.0]', 'soa','HelloService','HelloWorld_pt','oracle/log_policy')
The following example disables the policy oracle/log_policy
attached to the port HelloWorld_pt
for the service HelloService
in the SOA composite default/HelloWorld[1.0]
. Note that the namespace ({http://namespace/}
) should not be included for a SOA composite.
wls:/wls-domain/serverConfig>enableWebServicePolicy(None, 'default/HelloWorld[1.0]', 'soa','HelloService','HelloWorld_pt','oracle/log_policy',false)
The following example disables the policy oracle/wss_username_token_service_policy
attached to the port helloWorldJaxwsSoapHttpPort
for the service helloWorldJaxws
in the Java EE web service wls-domain/AdminServer/helloWorldJaxws
wls:/wls-domain/domainRuntime> enableWebServicePolicy ('/wls-domain/AdminServer/helloWorldJaxws','helloWorldJaxws#1!helloWorldJaxws', 'wls','helloWorldJaxws', 'helloWorldJaxwsSoapHttpPort', 'oracle/wss_username_token_service_policy', false)
Parent topic: Policy Management Commands
enableWSMPolicies
Note:
This command applies to Oracle Infrastructure and RESTful web services. It does not apply to Java EE web services in this release.
Command Category: Policy Management
Use with WLST: Online
Description
Within a session, enables or disables multiple policy attachments, identified by the specified URIs, that are attached to a policy subject.
You must start a session and select the policy set (selectWSMPolicySet
) or policy subject (selectWSMPolicySubject
) before initiating the command. However, if enableWSMPolicies
is issued when creating or cloning a policy set, there is no need to select the policy set because it is already selected.
If the optional enable
argument is not specified, this command enables the policy attachment by default. If the policy URIs that you specify in this command are not attached to the port, an error message is displayed and/or an exception is thrown.
Syntax
enableWSMPolicies(uris,[enable=true], [raiseError='true|false'])
Argument | Definition |
---|---|
|
List of OWSM policy name URIs, for example, If the |
|
Optional. Specifies whether to enable or disable the policy attachments. Valid options are:
If you omit this argument, the policies are enabled. |
|
Optional. When set to |
Examples
The following example enables the policies ["oracle/log_policy","oracle/wss_username_token_service_policy"]
attached to the port JRFWssUsernamePort
of the Web module WssUsernameService
. The web service is part of the application HelloWorld#1_0
for the server server1
in the domain base_domain
.
wls:/wls-domain/serverConfig>enableWSMPolicies(["oracle/log_policy","oracle/wss_username_token_service_policy"],true)
Parent topic: Policy Management Commands
enableWSMPolicy
Note:
This command applies to Oracle Infrastructure and RESTful web services. It does not apply to Java EE web services in this release.
Command Category: Policy Management
Use with WLST: Online
Description
Within a session, enables or disables a policy attachment, identified by a specified URI, that is attached to a policy subject.
You must start a session and select the policy set (selectWSMPolicySet
) or policy subject (selectWSMPolicySubject
) before initiating the command. However, if enableWSMPolicy
is issued when creating or cloning a policy set, there is no need to select the policy set because it is already selected.
If the optional enable
argument is not specified, this command enables the policy attachment by default. If the policyURIs that you specify in this command are not attached to the port, an error message is displayed and/or an exception is thrown.
Syntax
enableWSMPolicy(uri,[enable=true], [raiseError='true|false'])
Argument | Definition |
---|---|
|
URI specifying the policy attachment within the policy set. |
|
Optional. Specifies whether to enable or disable the policy attachment specified by the URI in the policy set. Valid options are:
If you omit this argument, the policy set attachment is enabled. |
|
Optional. When set to |
Examples
The following example enables the policy oracle/wss_username_token_service_policy
attached to the port JRFWssUsernamePort
of the Web module WssUsernameService
. The web service is part of the application HelloWorld#1_0
for the server server1
in the domain base_domain
.
wls:/wls-domain/serverConfig>enableWSMPolicy("oracle/wss_username_token_service_policy",true)
The following example enables the policy oracle/log_policy
attached to the port HelloWorld_pt
for the service HelloService
in the SOA composite default/HelloWorld[1.0]
.
wls:/wls-domain/serverConfig>enableWSMPolicy('oracle/log_policy')
The following example disables the policy oracle/log_policy
attached to the port HelloWorld_pt
for the service HelloService
in the SOA composite default/HelloWorld[1.0]
.
wls:/wls-domain/serverConfig>enableWSMPolicy('oracle/log_policy',false)
Parent topic: Policy Management Commands
listAvailableWebServicePolicies
Command Category: Policy Management
Use with WLST: Online
Description
Displays a list of all the available OWSM policies by category or subject type.
Syntax
listAvailableWebServicePolicies([category],[subject])
Argument | Definition |
---|---|
|
Optional. The policy category, for example,: |
|
Optional. The policy subject type, for example,: |
Example
The following example lists all the available OWSM server security policies in the domain.
wls:/wls-domain/serverConfig>listAvailableWebServicePolicies('security','server')
Parent topic: Policy Management Commands
listWebServiceClientPolicies
Command Category: Policy Management
Use with WLST: Online
Description
Lists web service client port policies information for an application or SOA composite.
The output will display the web service client/reference port name, the OWSM policies it has attached to it and details about each attachment such as the policy category, status, the source of the policy attachment, any policy override properties (if applicable), and if the policy is in effect for the subject. It also displays if the policy subject is secure. For example:
test-port: URI=oracle/wss_username_token_client_policy, category=security, policy-status=enabled source=local policy set; reference-status=enabled; effective=true The policy subject is secure in this context.
Syntax
listWebServiceClientPolicies(application, moduleOrCompName, moduleType, serviceRefName,portInfoName)
Argument | Definition |
---|---|
|
Name and path of the application for which you want to list the web service client port policy information. For example, To list the client port policy information for a web services application, this argument is required. |
|
Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to list the web services port policy information. To list the client port policy information for a SOA composite, the composite name is required (for example, |
|
Module type. Valid options are:
|
|
The service reference name of the application or composite. |
|
The client port name. |
Example
The following example lists the web service client port policy information for the application jwsclient_1#1.1.0
for the server server1
in the domain base_domain
. In this example, the Web module name is WssUsernameClient
, the module type is wsconn
, the service reference name is WssUsernameClient
, and the client port name is JRFWssUsernamePort
.
wls:/wls-domain/serverConfig>listWebServiceClientPolicies ('/base_domain/server1/jwsclient_1#1.1.0','WssUsernameClient','wsconn', 'WssUsernameClient','JRFWssUsernamePort')
Parent topic: Policy Management Commands
listWebServicePolicies
Command Category: Policy Management
Use with WLST: Online
Description
Lists web service policy information for a web service port in an application or SOA composite.
The output will display the web service port name, the OWSM policies it has attached to it and details about each attachment such as the policy category, status, the source of the policy attachment, any policy override properties (if applicable), and if the policy is in effect for the subject. It also displays if the policy subject is secure. For example:
CalculatorPort: URI="oracle/wss_username_token_service_policy", category=security, policy-status=enabled; source=local policy set; reference-status=enabled; effective=true The policy subject is secure in this context.
Syntax
listWebServicePolicies(application,moduleOrCompName,moduleType,serviceName,subjectName)
Argument | Definition |
---|---|
|
Name and path of the application for which you want to list the web services port policy information. For example, To list the port policy information for a web service application, this argument is required. |
|
Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to list the web services port policy information. To list the port policy information for a SOA composite, the composite name is required (for example, |
|
Module type. Valid options are:
|
|
Name of the web service in the application or SOA composite for which you want to list the port policy information. For example, { |
|
Policy subject, port, or operation name. |
Examples
The following example lists the web service policy information for the port CalculatorPort
in the application jaxwsejb30ws
. In this example, the Web module name is jaxwsejb
, and the service name is CalculatorService
.
wls:/wls-domain/serverConfig>listWebServicePolicies ('/base_domain/AdminServer/jaxwsejb30ws','jaxwsejb','web', '{http://namespace/}CalculatorService', 'CalculatorPort')
The following example lists the port policy information for the SOA composite default/HelloWorld[1.0]
. Note that the moduleType
is set to SOA
, the service name is HelloService
, and the subject is a port named HelloWorld_pt
. Note that the namespace ({http://namespace/}
) should not be included for a SOA composite.
wls:/wls-domain/serverConfig>listWebServicePolicies (None, 'default/HelloWorld[1.0]', 'soa', 'HelloService', 'HelloWorld_pt')
Parent topic: Policy Management Commands
setWebServicePolicyOverride
Note:
This command has been deprecated for Oracle Infrastructure Web Services. It is recommended that you use the setWSMPolicyOverride
command, as described in "setWSMPolicyOverride".
This command does not apply to Java EE web services.
The following examples show how to migrate to use the setWSMPolicyOverride
command.
11g Release:
wls:/jrfServer_domain/serverConfig> setWebServicePolicyOverride ('/base_domain/server1/HelloWorld#1_0','j2wbasicPolicy', 'web', '{http://namespace/}WssUsernameService','JRFWssUsernamePort', 'oracle/wss_username_token_service_policy', 'reference.priority', '10')
12c Release (for repository and policy subject operations):
wls:/jrfServer_domain/serverConfig> setWSMPolicyOverride ('oracle/wss_username_token_service_policy', 'reference.priority', '10')
Command Category: Policy Management
Use with WLST: Online
Description
Configures the web service port policy override properties of an application or SOA composite.
Syntax
setWebServicePolicyOverride(application,moduleOrCompName,moduleType, serviceName, portName,policyURI,properties)
Argument | Definition |
---|---|
|
Name and path of the application for which you want to override the web service port policy. For example, To override properties on a policy attached to a port of a web service application, this argument is required. |
|
Name of the Web module or SOA composite (for example, HelloWorld[1.0]) for which you want to override a web service port policy. To override properties on a policy attached to a SOA composite, the composite name is required (for example, |
|
Module type. The valid option is Note: The module type |
|
Name of the web service in the application or SOA composite. For example, { |
|
Name of the policy subject, port, or operation. |
|
OWSM policy name URI, for example, If the policy specified is not attached, an error message is displayed and/or an exception is thrown. |
|
Policy override properties. Properties must be specified using the following format:
For example: If this argument is set to |
Examples
The following example configures the override properties for the policy oracle/wss10_message_protection_service_policy
for the port JRFWssUsernamePort
of the Web module WssUsernameService
. The web service is part of the application HelloWorld#1_0
for the server server1
in the domain base_domain
.
wls:/wls-domain/serverConfig>setWebServicePolicyOverride ('/base_domain/server1/HelloWorld#1_0','j2wbasicPolicy', 'web', '{http://namespace/}WssUsernameService','JRFWssUsernamePort', "oracle/wss10_message_protection_service_policy", [("keystore.sig.csf.key","sigkey")])
Parent topic: Policy Management Commands
setWSMPolicyOverride
Note:
For direct policy attachments, this command applies to Oracle Infrastructure and RESTful web services only. For configuration overrides on policy references within a policy set, this command also applies to Java EE web services. For more information about configuration overrides in policy sets, see "Overriding Configuration Properties for Globally Attached Policies Using WLST" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
The local.policy.reference.source
property is for informational purposes only, to identify the source of the direct policy attachment, and should not be overridden. For more information, see "Determining the Source of Policy Attachments" in Securing Web Services and Managing
Policies with Oracle Web Services Manager.
Command Category: Policy Management
Use with WLST: Online
Description
Within a session, adds a configuration override, described by a name
-value
pair, to a policy identified by the specified URI and attached to the policy set document or policy subject. The value
argument is optional. If the value
argument is omitted, the property specified by the name
argument is removed from the policy subject. If the property specified by the name
argument already exists and a value
argument is provided, the current value is overwritten by the new value.
You must start a session and select the policy set (selectWSMPolicySet
) or policy subject (selectWSMPolicySubject
) before initiating the command. If there is no current session and no policy subject selected, an error is displayed.
Syntax
setWSMPolicyOverride(uri, name, value, [raiseError='true|false'])
Argument | Description |
---|---|
|
String representing the policy URI. For example, |
|
String representing the name of the override property. For example: |
|
Optional. String representing the value of the property. If this argument is not specified, the property specified by the |
|
Optional. When set to |
Examples
The following example specifies a configuration override for the reference.priority
property for the oracle/wss10_saml_token_service_policy
to a value of 1
.
wls:/wls-domain/serverConfig> setWSMPolicyOverride('oracle/wss10_saml_token_service_policy', 'reference.priority','1')
The following example removes the property reference.priority
from the oracle/wss10_saml_token_service_policy
in the policy set.
wls:/wls-domain/serverConfig> setWSMPolicyOverride('oracle/wss10_saml_token_service_policy', 'reference.priority')
Parent topic: Policy Management Commands
Policy Set Management Commands
Policy sets enhance the security and manageability of an enterprise by providing a mechanism to globally attach one or more policies to a subject type. Using policy sets, an administrator can specify a default set of policies to be enforced even if none are directly attached. For detailed information about determining the type and scope of resources a policy set can be attached to, see "Defining the Type and Scope of Resources for Globally Attached Policies" in the Securing Web Services and Managing Policies with Oracle Web Services Manager.
All policy set creation, modification, or deletion commands must be performed in the context of a session. A session can only act on a single policy set.
Note:
To view the help for the WLST commands described in this section, connect to a running instance of the server and enter help('wsmManage')
.
The policy set management commands listed in Table 3-9 have been deprecated in this release for Oracle Infrastructure Web Services.
For Oracle Infrastructure Web Services, Oracle recommends that you use the new WLST commands listed in Table 3-8 to manage OWSM policy sets in release 12c. These commands must be executed within the context of a session using the session commands described in Session Commands.
For a complete list of deprecated commands, see "Deprecated Commands for Oracle Infrastructure Web Services" in Release Notes for Oracle Fusion Middleware Infrastructure.
Use the WLST commands listed in Table 3-6 to manage globally available policy sets.
Table 3-8 Web Services Global Policy Set Management WLST Commands
Use this command... | To... | Use with WLST... |
---|---|---|
Within a session, clone a new policy set from an existing policy set. |
Online |
|
Create a new, empty policy set within a session. |
Online |
|
Delete all or selected policy sets from within the OWSM repository. |
Online |
|
Delete a specified policy set within a session. |
Online |
|
Display the configuration of a specified policy set. |
Online |
|
Enable or disable the current policy set within a session. |
Online |
|
Lists the policy sets in the repository. This command will also display a policy set that is being created, modified, or deleted within the current session. |
Online |
|
Specify a policy set for modification within a session. |
Online |
|
Specify a run-time constraint value for a policy set selected within a session. |
Online |
|
Configure override properties to a policy set. |
Online |
|
Specify a description for a policy set selected within a session. |
Online |
|
Set an expression that attaches a policy set to the specified resource scope. |
Online |
|
Unregister or remove the resource instance that describes a registered physical resource within a session. |
Online |
|
Validate an existing policy set. |
Online |
Table 3-9 list the WLST commands that are deprecated in this release for managing Oracle Infrastructure web service global policy sets.
Table 3-9 Deprecated WLST Commands for Global Policy Set Management
Use this command... | To... | Use with WLST... |
---|---|---|
Abort the current OWSM repository modification session, discarding any changes that were made to the repository during the session. |
Online |
|
Attach a policy set to the specified resource scope. |
Online |
|
Attach a policy to a policy set using the policy's URI. |
Online |
|
Begin a session to modify the OWSM repository. |
Online |
|
Clone a new policy set from an existing policy set. |
Online |
|
Write the contents of the current session to the OWSM repository. |
Online |
|
Create a new, empty policy set. |
Online |
|
Delete all or selected policy sets from within the OWSM repository. |
Online |
|
Delete a specified policy set. |
Online |
|
Describe the contents of the current session. |
Online |
|
Detach a policy from a policy set using the policy's URI. |
Online |
|
Display the configuration of a specified policy set. |
Online |
|
Enable or disable a policy set. |
Online |
|
Enable or disable a policy attachment for a policy set using the policy's URI. |
Online |
|
List the policy sets in the repository. |
Online |
|
Migrate direct policy attachments to global policy attachments if they are identical. |
Online |
|
Specify an existing policy set for modification in the current session. |
Online |
|
Specify a run-time constraint value for a policy set selected within a session. |
Online |
|
Specify a description for the policy set selected within a session. |
Online |
|
Add a configuration override to a policy reference in the current policy set. |
Online |
|
Validate an existing policy set in the repository or in a session. |
Online |
- abortRepositorySession
- attachPolicySet
- attachPolicySetPolicy
- beginRepositorySession
- clonePolicySet
- cloneWSMPolicySet
- commitRepositorySession
- createPolicySet
- createWSMPolicySet
- deleteAllPolicySets
- deleteWSMAllPolicySets
- deletePolicySet
- deleteWSMPolicySet
- describeRepositorySession
- detachPolicySetPolicy
- displayPolicySet
- displayWSMResource
- displayWSMPolicySet
- displayWSMAvailablePolicySet
Displays the configuration of the available policy set (composed of both local and global policy attachments). - enablePolicySet
- enablePolicySetPolicy
- enableWSMPolicySet
- listPolicySets
- listWSMPolicySets
- migrateAttachments
- modifyPolicySet
- selectWSMPolicySet
- setPolicySetConstraint
- setPolicySetDescription
- setPolicySetPolicyOverride
- setWSMPolicySetConstraint
- setWSMPolicySetDescription
- setWSMPolicySetOverride
- setWSMPolicySetScope
- unregisterWSMResource
- validatePolicySet
- validateWSMPolicySet
Parent topic: Web Services Custom WLST Commands
abortRepositorySession
Note:
This command has been deprecated. It is recommended that you use the abortWSMSession
command, as described in "abortWSMSession".
The following examples show how to migrate to use the abortWSMSession
command.
11g Release (for Repository operations):
wls:/jrfServer_domain/serverConfig> abortRepositorySession()
12c Release (for both Repository and PolicySubject operations):
wls:/jrfServer_domain/serverConfig> abortWSMSession()
Command Category: Policy Set Management
Use with WLST: Online
Description
Aborts the current modification session, discarding any changes that were made to the repository during the session.
Syntax
abortRepositorySession()
Example
The following example aborts the current OWSM session.
wls:/wls-domain/serverConfig>abortRepositorySession()
Parent topic: Policy Set Management Commands
attachPolicySet
Note:
This command has been deprecated. It is recommended that you use the setWSMPolicySetScope
command, as described in "setWSMPolicySetScope".
The following examples show how to migrate to use the setWSMPolicySetScope
command.
11g Release:
wls:/jrfServer_domain/serverConfig> attachPolicySet ('Domain("base_domain")')
12c Release:
wls:/jrfServer_domain/serverConfig> setWSMPolicySetScope ('Domain("base_domain")')
Command Category: Policy Set Management
Use with WLST: Online
Description
Within a session, sets an expression that attaches a policy set to the specified resource scope. The expression must define a valid resource scope in a supported format.
Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.
Syntax
attachPolicySet(expression)
Argument | Definition |
---|---|
|
Expression that attaches the policy set to the specified resource scope. For details about specifying the resource scope expression, see "Defining the Resource Scope" in Securing Web Services and Managing Policies with Oracle Web Services Manager. |
Example
The following example attaches a policy set to the specified base_domain
resource.
wls:/wls-domain/serverConfig>attachPolicySet('Domain("base_domain")')
This example attaches a policy set to the specified base_domain
and managed_server
resources.
wls:/wls-domain/serverConfig>attachPolicySet('Domain("base_domain") and Server("managed_server")')
Parent topic: Policy Set Management Commands
attachPolicySetPolicy
Note:
For Oracle Infrastructure Web Services, it is recommended that you use the attachWSMPolicy
command, as described in "attachWSMPolicy". The following examples show how to migrate to use the attachWSMPolicy
command.
11g Release (for both Repository and PolicySubject operation on policy set):
wls:/jrfServer_domain/serverConfig> attachPolicySetPolicy ('oracle/wss_username_token_service_policy')
12c Release:
wls:/jrfServer_domain/serverConfig> attachWSMPolicy('oracle/wss_username_token_service_policy')
Command Category: Policy Set Management
Use with WLST: Online
Description
Within a session, attaches a policy, identified by the specified URI, to the current policy set.
Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.
Syntax
attachPolicySetPolicy(uri)
Argument | Definition |
---|---|
|
URI specifying the policy to attach to the current policy set. For example, |
Example
The following example attaches the OWSM logging policy to the current policy set.
wls:/wls-domain/serverConfig>attachPolicySetPolicy('oracle/log_policy')
Parent topic: Policy Set Management Commands
beginRepositorySession
Note:
This command has been deprecated. It is recommended that you use the beginWSMSession
command, as described in "beginWSMSession".
The following examples show how to migrate to use the beginWSMSession
command.
11g Release (for Repository operations):
wls:/jrfServer_domain/serverConfig> beginRepositorySession()
12c Release (for both Repository and PolicySubject operations):
wls:/jrfServer_domain/serverConfig> beginWSMSession()
Command Category: Policy Set Management
Use with WLST: Online
Description
Begins a session to modify the OWSM Repository. A session can only act on a single policy subject, such as a policy set or a Fusion Middleware web service endpoint. An error will be displayed if there is already a current session.
Syntax
beginRepositorySession()
Example
The following example begins an OWSM Repository modification session.
wls:/wls-domain/serverConfig>beginRepositorySession()
Parent topic: Policy Set Management Commands
clonePolicySet
Note:
For Oracle Infrastructure Web Services, it is recommended that you use the cloneWSMPolicySet
command, as described in "cloneWSMPolicySet". The following examples show how to migrate to use the cloneWSMPolicySet
command.
11g Release:
wls:/jrfServer_domain/serverConfig> clonePolicySet ('myNewPolicySet', 'myPolicySet')
12c Release:
wls:/jrfServer_domain/serverConfig> cloneWSMPolicySet ('myNewPolicySet', 'myPolicySet')
Command Category: Policy Set Management
Use with WLST: Online
Description
Within a session, clones a new policy set from an existing policy set. When cloning an existing policy set, all values and attachments in the source policy set are copied into the new policy set, although you can supply a different expression identifying the resource scope. The expression must define a valid resource scope in a supported format.
Issuing this command outside of a session will result in an error.
Syntax
clonePolicySet(name,source
,[attachTo=None
],[description=None
],[enable='true'
])
Argument | Definition |
---|---|
|
Name of the new policy set clone. |
|
Name of the source policy set that will be cloned. |
|
Optional. Expression that attaches the policy set to the specified resource scope. For details about specifying the resource scope expression, see "Defining the Resource Scope" in Securing Web Services and Managing Policies with Oracle Web Services Manager. If this argument is set to |
|
Optional. Description for the new policy set. If this argument is set to |
|
Optional. Specifies whether to enable or disable the policy set. Valid options are:
If you omit this argument, the policy set is enabled. |
Example
The first example creates a policy set by cloning the existing myPolicySet
policy set to create a new mynewPolicySet
. The second example also creates a policy set, but narrows the resource scope to policy subjects in the specified jaxwsejb30ws
application in the domain.
wls:/wls-domain/serverConfig>clonePolicySet('myNewPolicySet','myPolicySet') wls:/wls-domain/serverConfig>clonePolicySet('myNewPolicySet','myPolicySet','Application("jaxwsejb30ws")')
Parent topic: Policy Set Management Commands
cloneWSMPolicySet
Command Category: Policy Set Management
Use with WLST: Online/offline
Description
Within a session, clones a new policy set from an existing policy set. When cloning an existing policy set, all values and attachments in the source policy set are copied into the new policy set, although you can supply a different expression identifying the resource scope. The expression must define a valid resource scope in a supported format.
Issuing this command outside of a session will result in an error.
Syntax
cloneWSMPolicySet(name,source
,[scope=None
],[description=None
],[enable='true'
], [raiseError='true|false'])
Argument | Definition |
---|---|
|
Name of the new policy set clone. |
|
Name of the source policy set that will be cloned. |
|
Optional. Expression that attaches the policy set to the specified resource scope. If this argument is not specified, then the expression used in the source policy set to identify the scope of resources is retained. |
|
Optional. Description for the new policy set. If this argument is not specified, then the description used in the source policy set is retained. |
|
Optional. Specifies whether to enable or disable the policy set. If you omit this argument, the policy set is enabled.Valid options are:
If you omit this argument, the policy set is enabled. |
|
Optional. When set to |
Examples
The first example creates a policy set by cloning the existing myPolicySet
policy set to create a new mynewPolicySet
. The second example also creates a policy set, but narrows the resource scope to policy subjects in the specified jaxwsejb30ws
application in the domain.
wls:/wls-domain/serverConfig>cloneWSMPolicySet('myNewPolicySet','myPolicySet') wls:/wls-domain/serverConfig>cloneWSMPolicySet('myNewPolicySet','myPolicySet','Application("jaxwsejb30ws")')
See:
-
"Defining the Resource Scope" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
Parent topic: Policy Set Management Commands
commitRepositorySession
Note:
This command has been deprecated. It is recommended that you use the commitWSMSession
command, as described in "commitWSMSession".
The following examples show how to migrate to use the commitWSMSession
command.
11g Release (for Repository operations):
wls:/jrfServer_domain/serverConfig> commitRepositorySession()
12c Release (for both Repository and PolicySubject operations):
wls:/jrfServer_domain/serverConfig> commitWSMSession()
Command Category: Policy Set Management
Use with WLST: Online
Description
Writes the contents of the current session to the OWSM Repository. Messages are displayed that describe what was committed. An error will be displayed if there is no current session.
Syntax
commitRepositorySession()
Example
The following example commits the current repository modification session.
wls:/wls-domain/serverConfig>commitRepositorySession()
Parent topic: Policy Set Management Commands
createPolicySet
Note:
For Oracle Infrastructure Web Services, it is recommended that you use the createWSMPolicySet
command, as described in "createWSMPolicySet". The following examples show how to migrate to use the createWSMPolicySet
command.
11g Release:
wls:/jrfServer_domain/serverConfig> createPolicySet('myPolicySet', 'ws-service', 'Domain("base_domain")')
12c Release:
wls:/jrfServer_domain/serverConfig> createWSMPolicySet ('myPolicySet', 'ws-service', 'Domain("base_domain")')
Command Category: Policy Set Management
Use with WLST: Online
Description
Creates a new, empty policy set within a session. When creating a new policy set, you must specify the type of policy subject that the policy set will apply to, and a supported expression that defines a valid resource scope in a supported format.
Issuing this command outside of a session will result in an error.
Syntax
createPolicySet(name,type
,attachTo
,[description=None
],[enable='true'
])
Argument | Definition |
---|---|
|
Name of the new, empty policy set. |
|
The type of policy subject to which the new policy set applies. The type of policy subject must be one of the policy subjects described in "Understanding Policy Subjects" in Understanding Oracle Web Services Manager. |
|
Expression that attaches the policy set to the specified resource scope. For details about specifying the resource scope expression, see "Defining the Resource Scope" in Securing Web Services and Managing Policies with Oracle Web Services Manager. |
|
Optional. Description of the new policy set. If no description is specified, then the description for a new policy set will be "Global policy attachments for |
|
Optional. Specifies whether to enable or disable the new policy set. Valid options are:
If you omit this argument, the policy set is enabled. |
Example
The first example creates a new policy set and specifies the resource scope to only ws-service
types (Web Service Endpoint) in the base_domain
domain. The second example creates a new policy set, but also narrows the resource scope to only sca-service types (SOA Service) in the soa_server1 server in the domain.
wls:/wls-domain/serverConfig>createPolicySet('myPolicySet','ws-service','Domain("base_domain")')
wls:/wls-domain/serverConfig>createPolicySet('myPolicySet','sca-service','Server("soa_server1")','My policySet')
Parent topic: Policy Set Management Commands
createWSMPolicySet
Command Category: Policy Set Management
Use with WLST: Online/offline
Description
Within a session, creates a new, empty policy set. When creating a new policy set, you must specify the type of policy subject that the policy set will apply to, and provide a supported expression that defines a valid resource scope in a supported format.
Issuing this command outside of a session will result in an error.
Syntax
createWSMPolicySet(name,type
,scope
,[description=None
],[enable='true'
], [raiseError='true|false'])
Argument | Definition |
---|---|
|
Name of the new, empty policy set. |
|
The type of policy subject that the new policy set applies to. |
|
Optional. Expression that attaches the policy set to the specified resource scope. If this argument is not specified, then the expression used in the source policy set to identify the scope of resources is retained. |
|
Optional. Description of the new policy set. If no description is specified, then the description for a new policy set will be "Global policy attachments for |
|
Optional. Specifies whether to enable or disable the new policy set. Valid options are:
If you omit this argument, the policy set is enabled. |
|
Optional. When set to |
Examples
The following example creates a new policy set and specifies the resource scope to only ws-service
types (Web Service Endpoint) in the base_domain
domain.
wls:/wls-domain/serverConfig>createWSMPolicySet('myPolicySet','ws-service','Domain("base_domain")')
The following example creates a new policy set, but also narrows the resource scope to only sca-service
types (SOA Service) in the soa_server1
server in the domain.
wls:/wls-domain/serverConfig>createWSMPolicySet('myPolicySet','sca-service','Server("soa_server1")','My policySet')
The following example creates a new policy set, narrowing the resource scope to only sca-rest-reference
types (SOA RESTful references) in the base_domain
domain.
wls:/wls-domain/serverConfig>createWSMPolicySet('myPolicySet','sca-rest-reference','Domain("base_domain")','My policySet')
The following example creates a new policy set, narrowing the resource scope to only sca-rest-reference
types (OSB RESTful business services) in the base_domain
domain.
wls:/wls-domain/serverConfig>createWSMPolicySet('myPolicySet','biz-rest-service','Domain("base_domain")','My policySet')
See:
-
"Understanding Policy Subjects" in Understanding Oracle Web Services Manager
-
"Defining the Resource Scope" in Securing Web Services and Managing Policies with Oracle Web Services Manager
Parent topic: Policy Set Management Commands
deleteAllPolicySets
Note:
For Oracle Infrastructure Web Services, it is recommended that you use the deleteWSMAllPolicySets
command, as described in "deleteWSMAllPolicySets". The following examples show how to migrate to use the deleteWSMAllPolicySets
command.
11g Release:
wls:/jrfServer_domain/serverConfig> deleteAllPolicySets()
12c Release:
wls:/jrfServer_domain/serverConfig> deleteWSMAllPolicySets()
Command Category: Policy Set Management
Use with WLST: Online
Description
Deletes all or selected policy sets from within the OWSM repository. You can specify whether to force deletion of all the policy sets, or prompt to select individual policy sets for deletion. If deletion of any policy set fails then this operation throws an exception and no policy sets are deleted.
Syntax
deleteAllPolicySets([mode])
Argument | Definition |
---|---|
|
Optional. The action to be taken for performing policy set deletion. Valid options are:
If no mode is specified, this argument defaults to |
Examples
The following example automatically deletes all policy sets from the respository without prompting.
wls:/jrfServer_domain/serverConfig> deleteAllPolicySets("force")
Starting Operation deleteAllPolicySets ...
All policy sets were deleted successfully from repository.
deleteAllPolicySets Operation Completed.
The following examples delete selected policy sets from the repository.
wls:/jrfServer_domain/serverConfig> deleteAllPolicySets()
or
wls:/jrfServer_domain/serverConfig> deleteAllPolicySets('prompt')
Starting Operation deleteAllPolicySets ...
Policy Set Name: create_policyset_6
Select "create_policyset_6" for deletion (yes/no/cancel)? no
Policy Set Name: create_policyset_8
Select "create_policyset_8" for deletion (yes/no/cancel)? yes
Policy Set Name: create_policyset_21
Select "create_policyset_21" for deletion (yes/no/cancel)? no
Policy Set Name: create_policyset_10
Select "create_policyset_10" for deletion (yes/no/cancel)? yes
All the selected policy sets were deleted successfully from repository.
deleteAllPolicySets Operation Completed.
Parent topic: Policy Set Management Commands
deleteWSMAllPolicySets
Command Category: Policy Set Management
Use with WLST: Online/offline
Description
Deletes all or selected policy sets within a session. You can specify whether to force deletion of all the policy sets, or prompt to select individual policy sets for deletion. If deletion of any policy set fails then this operation throws an exception and no policy sets are deleted.
Syntax
deleteWSMAllPolicySets([mode], [raiseError='true|false'])
Argument | Definition |
---|---|
|
Optional. The action to be taken for performing policy set deletion. Valid options are:
If no mode is specified, this argument defaults to |
|
Optional. When set to |
Examples
The following example automatically deletes all policy sets from the respository without prompting.
wls:/jrfServer_domain/serverConfig> deleteWSMAllPolicySets("force")
Starting Operation deleteWSMAllPolicySets ...
All policy sets were deleted successfully from repository.
deleteWSMAllPolicySets Operation Completed.
The following examples delete selected policy sets from the repository.
wls:/jrfServer_domain/serverConfig> deleteWSMAllPolicySets()
or
wls:/jrfServer_domain/serverConfig> deleteWSMAllPolicySets('prompt')
Starting Operation deleteWSMAllPolicySets ...
Policy Set Name: create_policyset_6
Select "create_policyset_6" for deletion (yes/no/cancel)? no
Policy Set Name: create_policyset_8
Select "create_policyset_8" for deletion (yes/no/cancel)? yes
Policy Set Name: create_policyset_21
Select "create_policyset_21" for deletion (yes/no/cancel)? no
Policy Set Name: create_policyset_10
Select "create_policyset_10" for deletion (yes/no/cancel)? yes
All the selected policy sets were deleted successfully from repository.
deleteWSMAllPolicySets Operation Completed.
Parent topic: Policy Set Management Commands
deletePolicySet
Note:
For Oracle Infrastructure Web Services, it is recommended that you use the deleteWSMPolicySet
command, as described in "deleteWSMPolicySet". The following examples show how to migrate to use the deleteWSMPolicySet
command.
11g Release:
wls:/jrfServer_domain/serverConfig> deletePolicySet('myPolicySet')
12c Release:
wls:/jrfServer_domain/serverConfig> deleteWSMPolicySet ('myPolicySet')
Command Category: Policy Set Management
Use with WLST: Online
Description
Deletes a specified policy set within a session. If the session already contains a different policy set, an error will display. If the session already contains the named policy set, then a creation will be undone or a modification will be converted into a deletion.
Issuing this command outside of a session will result in an error.
Syntax
deletePolicySet(name)
Argument | Definition |
---|---|
|
Name of the policy set to be deleted. |
Example
The following example deletes a specified myPolicySet
policy set.
wls:/wls-domain/serverConfig>deletePolicySet('myPolicySet')
Parent topic: Policy Set Management Commands
deleteWSMPolicySet
Command Category: Policy Set Management
Use with WLST: Online/offline
Description
Within a session, deletes a specified policy set. If the session already contains a different policy set, an error will display. If the session already contains the named policy set, then a creation will be undone or a modification will be converted into a deletion.
Issuing this command outside of a session will result in an error.
Syntax
deleteWSMPolicySet(name, [raiseError='true|false'])
Argument | Definition |
---|---|
|
Name of the policy set to be deleted. |
|
Optional. When set to |
Examples
The following example deletes a specified myPolicySet
policy set.
wls:/wls-domain/serverConfig>deleteWSMPolicySet('myPolicySet')
Parent topic: Policy Set Management Commands
describeRepositorySession
Note:
This command has been deprecated. It is recommended that you use the describeWSMSession
command, as described in "describeWSMSession". The following examples show how to migrate to use the describeWSMSession
command.
11g Release (for Repository operations):
wls:/jrfServer_domain/serverConfig> describeRepositorySession()
12c Release (for both Repository and Policy Subject operations):
wls:/jrfServer_domain/serverConfig> describeWSMSession()
Command Category: Policy Set Management
Use with WLST: Online
Description
Describes the contents of the current session. This will either indicate that the session is empty or list the name of the policy subject that is being updated, along with the type of update (create, modify, or delete). An error will be displayed if there is no current session.
Syntax
describeRepositorySession()
Example
The following example describes the current repository modification session.
wls:/wls-domain/serverConfig>describeRepositorySession()
Parent topic: Policy Set Management Commands
detachPolicySetPolicy
Note:
For Oracle Infrastructure Web Services, it is recommended that you use the detachWSMPolicy
command, as described in "detachWSMPolicy". The following examples show how to migrate to use the detachWSMPolicy
command.
11g Release (for both Repository and Policy Subject operations on policy set):
wls:/jrfServer_domain/serverConfig> detachPolicySetPolicy ('oracle/wss_username_token_service_policy')
12c Release:
wls:/jrfServer_domain/serverConfig> detachWSMPolicy('oracle/wss_username_token_service_policy')
Command Category: Policy Set Management
Use with WLST: Online
Description
Within a session, detaches a policy, identified by a specified URI, from the current policy set.
Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.
Syntax
detachPolicySetPolicy(uri)
Argument | Definition |
---|---|
|
URI specifying the policy to detach to the current policy set. For example, |
Example
The following example detaches the OWSM logging policy from the current policy set.
wls:/wls-domain/serverConfig> detachPolicySetPolicy('oracle/log_policy')
Parent topic: Policy Set Management Commands
displayPolicySet
Note:
For Oracle Infrastructure Web Services, it is recommended that you use the displayWSMPolicySet
command, as described in "displayWSMPolicySet". The following examples show how to migrate to use the displayWSMPolicySet
command.
11g Release:
wls:/jrfServer_domain/serverConfig> displayPolicySet('myPolicySet')
12c Release:
wls:/jrfServer_domain/serverConfig> displayWSMPolicySet ('myPolicySet')
Command Category: Policy Set Management
Use with WLST: Online
Description
Displays the configuration of a specified policy set. If the policy set is being modified in the current session, then that version will be displayed; otherwise, the latest version in the repository will be displayed. An error will display if the policy set does not exist.
This command can be issued outside of a session.
Syntax
displayPolicySet([name])
Argument | Definition |
---|---|
|
Optional. Name of the policy set to be displayed. If a name is not specified, the configuration of the policy set, if any, in the current session is displayed or an error message is displayed. |
Example
The following example displays the configuration of the myPolicySet
policy set.
wls:/wls-domain/serverConfig>displayPolicySet('myPolicySet')
Parent topic: Policy Set Management Commands
displayWSMResource
Note:
This command applies to Oracle Infrastructure and RESTful Web services. It does not apply to Java EE Web services in this release.
Command Category: Respository
Use with WLST: Online
Description
Displays the configuration of a registered resource instance. If the resource instance is being modified in the current session, then that version will be displayed; otherwise, the latest version in the repository will be displayed. An error will display if the resource instance does not exist. This command can be issued outside of a session.
displayWSMResource(resourceName=None), (resourceName=Type)
Argument | Definition |
---|---|
|
The name of an existing resource instance. This is a combination of platform name, domain name, and logical name of resource, separated by a forward slash. If null, then the currently selected resource will be displayed. |
|
Specifies the type of resource. The value must be one of the following:
If the |
Examples
The following example displays the configuration of the application named myApplication
in the base_cell
domain on the IBM WebSphere application server.
wls:/wls-domain/serverConfig> displayWSMResource('/WAS/base_cell/myApplication')
The following example displays the configuration of the base_cell
domain on the IBM WebSphere application server.
wls:/wls-domain/serverConfig> displayWSMResource('/WAS/base_cell','domain')
Since the resourceType
argument is omitted, the following example displays...
displayWSMResource()
Parent topic: Policy Set Management Commands
displayWSMPolicySet
Command Category: Policy Set Management
Use with WLST: Online/offline
Description
Displays the configuration of a specified policy set. If the policy set is being modified in the current session, then that version will be displayed; otherwise, the latest version in the repository will be displayed. An error will display if the policy set does not exist.
This command can be issued outside of a session.
Syntax
displayWSMPolicySet([name], [raiseError='true|false'])
Argument | Definition |
---|---|
|
Optional. Name of the policy set to be displayed. If a name is not specified, the configuration of the policy set, if any, in the current session is displayed or an error message is displayed. |
|
Optional. When set to |
Examples
The following example displays the configuration of the myPolicySet
policy set.
wls:/wls-domain/serverConfig>displayWSMPolicySet('myPolicySet')
Parent topic: Policy Set Management Commands
displayWSMAvailablePolicySet
Displays the configuration of the available policy set (composed of both local and global policy attachments).
Command Category: Policy Set Management
Use with WLST: Online
Description
Displays the configuration of the available policy set (composed of both local and global policy attachments). It includes all relevant attached policies along with its topology nodes, regardless of whether the policies, policy references, and global policy sets are enabled or disabled. It includes policies without any conflict filtering. The policy subject stores the policy set information. It throws an exception, if there is no current session and no selected policy subject.
Syntax
displayWSMAvailablePolicySet([raiseError='true|false'])
raiseError
- Optional. When set to true
, it raises exception in case of known errors. When set to false
, it returns a boolean false value in case of known errors. By default, it's set to true
.
Examples
displayWSMAvailablePolicySet()
Parent topic: Policy Set Management Commands
enablePolicySet
Note:
For Oracle Infrastructure Web Services, it is recommended that you use the enableWSMPolicySet
command, as described in "enableWSMPolicySet". The following examples show how to migrate to use the enableWSMPolicySet
command.
11g Release:
wls:/jrfServer_domain/serverConfig> enablePolicySet(true)
12c Release:
wls:/jrfServer_domain/serverConfig> enableWSMPolicySet(true)
Command Category: Policy Set Management
Use with WLST: Online
Description
Enables or disables the current policy set within a session. If not specified, this command enables the policy set.
Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.
Syntax
enablePolicySet([enable=True])
Argument | Definition |
---|---|
|
Optional. Specifies whether to enable or disable the policy set. Valid options are:
If you omit this argument, the policy set is enabled. |
Example
The following example enables the current policy set.
wls:/wls-domain/serverConfig>enablePolicySet(true)
Parent topic: Policy Set Management Commands
enablePolicySetPolicy
Note:
For Oracle Infrastructure Web Services, it is recommended that you use the enableWSMPolicySet
command, as described in "enableWSMPolicySet". The following examples show how to migrate to use the enableWSMPolicySet
command.
11g Release:
wls:/wls-domain/serverConfig>enablePolicySetPolicy('/oracle/log_policy',false)
12c Release:
wls:/wls-domain/serverConfig>enableWSMPolicy('/oracle/log_policy',false)
Command Category: Policy Set Management
Use with WLST: Online
Description
Within a session, enables or disables the policy attachment, which is identified by the provided URI in the current policy set. If not specified, this command enables the policy set. An error displays if the identified policy is not currently attached to the policy set.
Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.
Syntax
enablePolicySetPolicy(uri,[enable=true])
Argument | Definition |
---|---|
|
URI specifying the policy attachment within the policy set. |
|
Optional. Specifies whether to enable or disable the policy attachment specified by the URI in the policy set. Valid options are:
If you omit this argument, the policy set attachment is enabled. |
Example
The following example disables the specified logging policy attachment within the current policy set.
wls:/wls-domain/serverConfig>enablePolicySetPolicy('/oracle/log_policy',false)
Parent topic: Policy Set Management Commands
enableWSMPolicySet
Command Category: Policy Set Management
Use with WLST: Online/offline
Description
Within a session, enables or disables the current policy set. If the optional enable
argument is not specified, this command enables the policy set by default.
Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.
Syntax
enableWSMPolicySet([enable=True], [raiseError='true|false'])
Argument | Definition |
---|---|
|
Optional. Specifies whether to enable or disable the policy set. Valid options are:
If you omit this argument, the policy set is enabled. |
|
Optional. When set to |
Examples
The following example enables the current policy set.
wls:/wls-domain/serverConfig>enableWSMPolicySet(true)
Parent topic: Policy Set Management Commands
listPolicySets
Note:
For Oracle Infrastructure Web Services, it is recommended that you use the listWSMPolicySets
command, as described in "listWSMPolicySets". The following examples show how to migrate to use the listWSMPolicySets
command.
11g Release:
wls:/wls-domain/serverConfig>listPolicySets('ws-service')
12c Release:
wls:/wls-domain/serverConfig>listWSMPolicySets('ws-service')
Command Category: Policy Set Management
Use with WLST: Online
Description
Lists the policy sets in the repository. This command will also display a policy set that is being created, modified, or deleted within the current session. You can list all the policy sets or limit the display to include only those that apply to specific policy subject resource types.
Syntax
listPolicySets([type=None])
Argument | Definition |
---|---|
|
Optional. Specifies the type of policy subject for which the associated policy sets will be displayed. The type of policy subject must be one of the policy subjects described in "Understanding Policy Subjects" in Understanding Oracle Web Services Manager If this argument is set to |
Example
The first two examples list policy sets by either the ws-service
or ws-client
resource types. The third example lists all the policy sets stored in the repository.
wls:/wls-domain/serverConfig>listPolicySets('ws-service') wls:/wls-domain/serverConfig>listPolicySets('ws-client') wls:/wls-domain/serverConfig>listPolicySets()
Parent topic: Policy Set Management Commands
listWSMPolicySets
Command Category: Policy Set Management
Use with WLST: Online/offline
Description
Lists the policy sets in the repository. This command will also display a policy set that is being created, modified, or deleted within the current session. You can list all the policy sets or use the type
argument to limit the display to include only those sets that apply to specific policy subject resource types.
Syntax
listWSMPolicySets([type=None], [raiseError='true|false'])
Argument | Definition |
---|---|
|
Optional. Specifies the type of policy subject for which the associated policy sets will be displayed. If this argument is set to |
|
Optional. When set to |
Examples
The first two examples list policy sets by either the ws-service
or ws-client
resource types. Whereas, the third example lists all the policy sets stored in the repository.
wls:/wls-domain/serverConfig>listWSMPolicySets('ws-service') wls:/wls-domain/serverConfig>listWSMPolicySets('ws-client') wls:/wls-domain/serverConfig>listWSMPolicySets()
See:
-
"Understanding Policy Subjects" in Understanding Oracle Web Services Manager.
Parent topic: Policy Set Management Commands
migrateAttachments
Note:
This command has been deprecated. It is recommended that you use the migrateWSMAttachments
command, as described in "migrateWSMAttachments". The following examples show how to migrate to use the migrateWSMAttachments
command.
11g Release:
wls:/jrfServer_domain/serverConfig> migrateAttachments()
12c Release:
wls:/jrfServer_domain/serverConfig> migrateWSMAttachments()
Command Category: Policy Set Management
Use with WLST: Online
Description
Migrates direct (local) policy attachments that are identical to the external global policy attachments that would otherwise be attached to each policy subject in the current domain. You can specify whether to force the migration, prompt for confirmation before each migration, or simply list the migrations that would occur. A direct policy attachment is identical if its URI is the same as one provided by a global policy attachment, and if it does not have any scoped configuration overrides.
Note:
A direct attachment with an unscoped override will be migrated but an attachment with a scoped override will not. This is because after running the migrateAttachments()
command, the enforcement of the policies on all subjects remains the same, even though some policies are globally attached.
Whether forced or prompted, the command lists each direct policy attachment that is migrated. This output will identify the policy subject that was modified, the URI of the identical policy reference, and the name of the global policy attachment document that duplicated the direct attachment.
Syntax
migrateAttachments([mode])
Argument | Definition |
---|---|
|
The action to be taken for each policy attachment that can be migrated. Valid options are:
If no mode is specified, this argument defaults to |
Example
The following examples describe how to use the repository attachment migration modes.
wls:/wls-domain/serverConfig>migrateAttachments() wls:/wls-domain/serverConfig>migrateAttachments('force') wls:/wls-domain/serverConfig>migrateAttachments('preview') wls:/wls-domain/serverConfig>migrateAttachments('prompt')
Parent topic: Policy Set Management Commands
modifyPolicySet
Note:
For Oracle Infrastructure Web Services, it is recommended that you use the selectWSMPolicySet
command, as described in "selectWSMPolicySet". The following examples show how to migrate to use the selectWSMPolicySet
command.
11g Release:
wls:/jrfServer_domain/serverConfig> modifyPolicySet('myPolicySet')
12c Release:
wls:/jrfServer_domain/serverConfig> selectWSMPolicySet ('myPolicySet')
Command Category: Policy Set Management
Use with WLST: Online
Description
Specifies a policy set for modification in the current session. The latest version of the named policy set will be loaded into the current session. If the session already contains a different policy set, then an error will be displayed; if the session already contains the named policy set, then no action will be taken. Subsequent attempts to modify the named policy set will show the current version in the session.
Issuing this command outside of a session will result in an error.
Syntax
modifyPolicySet(name)
Argument | Definition |
---|---|
|
Name of the policy set to be modified in the current session. |
Example
The following example opens the myPolicySet
policy set for modification in the current session.
wls:/wls-domain/serverConfig>modifyPolicySet('myPolicySet')
Parent topic: Policy Set Management Commands
selectWSMPolicySet
Command Category: Policy Set Management
Use with WLST: Online/offline
Description
Within a session, specifies a policy set for modification. The latest version of the named policy set is loaded into the current session. If the session already contains a different policy set, then an error will be displayed; if the session already contains the named policy set, then no action will be taken. Subsequent attempts to modify the named policy set will show the current version in the session.
Issuing this command outside of a session will result in an error.
Syntax
selectWSMPolicySet(name, [raiseError='true|false'])
Argument | Description |
---|---|
|
Name of the policy set to be modified in the current session. |
|
Optional. When set to |
Examples
The following example selects a policy set in the current session named myPolicySet
.
wls:/wls-domain/serverConfig> selectWSMPolicySet('myPolicySet')
Parent topic: Policy Set Management Commands
setPolicySetConstraint
Note:
This command has been deprecated. It is recommended that you use the setWSMPolicySetConstraint
command, as described in "setWSMPolicySetConstraint". The following examples show how to migrate to use the setWSMPolicySetConstraint
command.
11g Release:
wls:/jrfServer_domain/serverConfig> setPolicySetConstraint ('HTTPHeader("VIRTUAL_HOST_TYPE","external")')
12c Release:
wls:/jrfServer_domain/serverConfig> setWSMPolicySetConstraint ('HTTPHeader("VIRTUAL_HOST_TYPE","external")')
Command Category: Policy Set Management
Use with WLST: Online
Description
Specifies a run-time constraint value for a policy set selected within a session. Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.
For more information, see "Specifying Run-time Constraints in Policy Sets" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
Syntax
setPolicySetConstraint(constraint)
Argument | Definition |
---|---|
|
Expression that specifies the run-time context to which the policy set applies. If not specified, the policy set applies to all run-time contexts. |
Example
The following example specifies that the policy set apply only to requests from external clients.
wls:/wls-domain/serverConfig> setPolicySetConstraint('HTTPHeader("VIRTUAL_HOST_TYPE","external")')
The following example specifies that the policy set apply only to requests from non-external clients.
wls:/wls-domain/serverConfig> setPolicySetConstraint('!HTTPHeader("VIRTUAL_HOST_TYPE","external")')
Parent topic: Policy Set Management Commands
setPolicySetDescription
Note:
This command has been deprecated. It is recommended that you use the setWSMPolicySetDescription
command, as described in "setWSMPolicySetDescription". The following examples show how to migrate to use the setWSMPolicySetDescription
command.
11g Release:
wls:/jrfServer_domain/serverConfig> setPolicySetDescription ('Global policy set for web service endpoint.')
12c Release:
wls:/jrfServer_domain/serverConfig> setWSMPolicySetDescription ('Global policy set for web service endpoint.')
Command Category: Policy Set Management
Use with WLST: Online
Description
Specifies a description for a policy set selected within a session.
Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.
Syntax
setPolicySetDescription(description)
Argument | Definition |
---|---|
|
Describes a policy set. |
Example
The following example creates a description for a policy set.
wls:/wls-domain/serverConfig>setPolicySetDescription('PolicySetDescription')
Parent topic: Policy Set Management Commands
setPolicySetPolicyOverride
Note:
This command has been deprecated. It is recommended that you use the setWSMPolicyOverride
command, as described in "setWSMPolicyOverride". The following examples show how to migrate to use the setWSMPolicyOverride
command.
11g Release:
wls:/jrfServer_domain/serverConfig> setPolicySetPolicyOverride ('oracle/wss_username_token_service_policy', 'reference.priority', '10')
12c Release:
wls:/jrfServer_domain/serverConfig> setWSMPolicyOverride ('oracle/wss_username_token_service_policy', 'reference.priority', '10')
Command Category: Policy Set Management
Use with WLST: Online
Description
Adds a configuration override, described by a name
, value
pair, to an attached policy reference in the current policy set. The value
argument is optional. If the value
argument is omitted, the property specified by the name
argument is removed from the policy reference in the policy set. If the property specified by the name
argument already exists and a value
argument is provided, the current value is overwritten by the new value specified with the value
argument.
Issuing this command outside of a session containing a policy set that is being created or modified results in an error.
Syntax
setPolicySetPolicyOverride(uri,name,[value=None])
Argument | Definition |
---|---|
|
String representing the OWSM policy URI, for example, |
|
String representing the name of the override property. For example: |
|
Optional. String representing the value of the property. If this argument is not specified, the property specified by the |
Example
The following example specifies a configuration override for the reference.priority
property for the oracle/wss10_saml_token_service_policy
to a value of 1
.
wls:/wls-domain/serverConfig> setPolicySetPolicyOverride('oracle/wss10_saml_token_service_policy', 'reference.priority','1')
The following example removes the property reference.priority
from the oracle/wss10_saml_token_service_policy
in the policy set.
wls:/wls-domain/serverConfig> setPolicySetPolicyOverride('oracle/wss10_saml_token_service_policy', 'reference.priority')
Parent topic: Policy Set Management Commands
setWSMPolicySetConstraint
Command Category: Policy Set Management
Use with WLST: Online/offline
Description
Within a session, specifies a constraint value for a policy set selected within a session. Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.
Syntax
setWSMPolicySetConstraint(constraint, [raiseError='true|false'])
Argument | Definition |
---|---|
|
Expression that specifies the run-time context to which the policy set applies. If not specified, the policy set applies to all run-time contexts. |
|
Optional. When set to |
Examples
The following example specifies that the policy set applies only to requests from external clients.
wls:/wls-domain/serverConfig> setWSMPolicySetConstraint('HTTPHeader("VIRTUAL_HOST_TYPE","external")')
The following example specifies that the policy set applies only to requests from non-external clients.
wls:/wls-domain/serverConfig> setWSMPolicySetConstraint('!HTTPHeader("VIRTUAL_HOST_TYPE","external")')
See:
-
"Specifying Run-time Constraints in Policy Sets" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
Parent topic: Policy Set Management Commands
setWSMPolicySetDescription
Command Category: Policy Set Management
Use with WLST: Online/offline
Description
Within a session, specifies a description for a policy set. Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.
Syntax
setWSMPolicySetDescription(description, [raiseError='true|false'])
Argument | Definition |
---|---|
|
Describes a policy set. |
|
Optional. When set to |
Examples
The following example creates a description for a policy set.
wls:/wls-domain/serverConfig>setWSWPolicySetDescription('PolicySetDescription')
Parent topic: Policy Set Management Commands
setWSMPolicySetOverride
Command Category: Policy Set Management
Use with WLST: Online/offline
Description
Within a session, adds a configuration override, described by a name
-value
pair, to the currently selected policy set. The override is unscoped to any specific policy reference. The value
argument is optional. If the value
argument is omitted, a null is assumed for value
, and the property specified by the name
argument is removed from the policy set. If the property specified by the name
argument already exists and a value
argument is provided, the current value is overwritten by the new value.
You must start a session and select the policy set (using the selectWSMPolicySet
command), before initiating the command. Issuing this command outside of a session containing a policy subject that is being created or modified results in an error.
Syntax
setWSMPolicySetOverride(name,[value=None], [raiseError='true|false'])
Argument | Description |
---|---|
|
String representing the name of the override property. For example: |
|
Optional. String representing the value of the property. If this argument is not specified, a null is assumed and the property specified by the |
|
Optional. When set to |
Examples
The following example specifies a configuration override for the on.behalf.of
property for the policy set selected in the session to a value of true
.
wls:/wls-domain/serverConfig> setWSMPolicySetOverride('on.behalf.of','true')
The following example removes the property on.behalf.of
from the policy set.
wls:/wls-domain/serverConfig> setWSMPolicySetOverride('on.behalf.of')
Parent topic: Policy Set Management Commands
setWSMPolicySetScope
Command Category: Policy Set Management
Use with WLST: Online/offline
Description
Within a session, sets an expression that attaches a policy set to the specified resource scope. The expression must define a valid resource scope in a supported format.
Issuing this command outside of a session containing a policy set that is being created or modified will result in an error.
Syntax
setWSMPolicySetScope(expression, [raiseError='true|false'])
Argument | Definition |
---|---|
|
Expression that attaches the policy set to the specified resource scope. |
|
Optional. When set to |
Examples
The following example attaches a policy set to the specified base_domain
resource.
wls:/wls-domain/serverConfig>setWSMPolicySetScope('Domain("base_domain")')
This example attaches a policy set to the specified base_domain
and managed_server
resources.
wls:/wls-domain/serverConfig>setWSMPolicySetScope('Domain("base_domain") and Server("managed_server")')
See:
-
"Defining the Resource Scope" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
Parent topic: Policy Set Management Commands
unregisterWSMResource
Command Category: Repository
Use with WLST: Online
Description
Within a session, unregisters or removes the resource instance that describes a physical resource, such as an application server, or unregister a sub-resource existing within a resource instance. The sub-resource holds the information about the client and service ports of a resource. Issuing this command outside of a session will result in an error.
Syntax
unregisterWSMResource(resource, [assembly=None], [subject=None])
Arguments | Description |
---|---|
resource |
Name of existing resource instance. This is a combination of platform name, domain name, and logical name, separated by a forward slash. |
assembly |
Name of assembly used to identify a sub-resource within a resource instance. This is the combination of module type and module name, separated by a hash character. |
subject |
Name of the subject identifying the sub-resource. This is a combination of sub-resource type; that is, either "server" or "client" and service, or reference name and port name, separated by a hash character. |
Examples
The following example unregisters the myApplication
in the base_domain
on the IBM WebSphere application server.
wls:/jrfServer_domain/serverConfig> unregisterWSMResource ('/WAS/base_cell/myApplication')
The following example registers the IBM WebSphere platform domain WAS/base_cell
.
wls:/jrfServer_domain/serverConfig> registerWSMResource ('WAS/base_cell')
The following example unregisters the base_domain
on the IBM WebSphere application server.
wls:/jrfServer_domain/serverConfig> unregisterWSMResource (‘/WAS/base_cell')
The following example unregisters the StockQuoteServicePort endpoint that resides on the IBM WebSphere platform in the application /WAS/base_cell/myApplication
.
wls:/jrfServer_domain/serverConfig> unregisterWSMResource (‘/WAS/base_cell/myApplication', ‘web# myModule', ‘service(StockQuoteService# StockQuoteServicePort)')
Parent topic: Policy Set Management Commands
validatePolicySet
Note:
This command has been deprecated. It is recommended that you use the validateWSMPolicySet
command, as described in "validateWSMPolicySet". The following examples show how to migrate to use the validateWSMPolicySet
command.
11g Release:
wls:/jrfServer_domain/serverConfig> validatePolicySet ('myPolicySet')
12c Release:
wls:/jrfServer_domain/serverConfig> validateWSMPolicySet ('myPolicySet')
Command Category: Policy Set Management
Use with WLST: Online
Description
Validates an existing policy set. If a policy set name is provided, the command will validate the specified policy set. If no policy set name is specified, the command will validate the policy set in the current session.
An error message displays if the policy set does not exist, or a name is not provided and the session is not active, or if the OWSM repository does not contain a suitable policy set.
Syntax
validatePolicySet([name=None])
Argument | Definition |
---|---|
|
Optional. Name of the policy set to validate. If a name is not provided then the command will validate the policy set being created or modified in the current session. |
Example
The first example validates the policy set in the current session. The second example validates the specified myPolicySet
policy set.
wls:/wls-domain/serverConfig>validatePolicySet() wls:/wls-domain/serverConfig>validatePolicySet('myPolicySet')
Parent topic: Policy Set Management Commands
validateWSMPolicySet
Command Category: Policy Set Management
Use with WLST: Online/offline
Description
Within a session, validates an existing policy set. If a policy set name is provided, the specified policy set is validated. If no policy set name is specified, the policy set in the current session is validated.
If the policy set does not exist, if a name is not provided and the session is not active, or if the repository does not contain a suitable policy set, an error message is displayed.
Syntax
validateWSMPolicySet([name=None], [raiseError='true|false'])
Argument | Definition |
---|---|
|
Optional. Name of the policy set to validate. If a name is not provided then the command will validate the policy set being created or modified in the current session. |
|
Optional. When set to |
Examples
The first example validates the policy set in the current session. The second example validates the specified myPolicySet
policy set.
wls:/wls-domain/serverConfig> validateWSMPolicySet() wls:/wls-domain/serverConfig> validateWSMPolicySet('myPolicySet')
Parent topic: Policy Set Management Commands
OWSM Repository Management Commands
Use the commands listed in Table 3-10 to manage the Oracle Infrastructure Web Services documents stored in the OWSM repository. For additional information about upgrading or migrating documents in an OWSM repository, see Upgrading the OWSM Repository in the Securing Web Services and Managing Policies with Oracle Web Services Manager.
Note:
The repository management commands listed in Table 3-11 have been deprecated in this release.
To manage the OWSM repository in release 12c, it is recommended that you use the new WLST commands listed in Table 3-10. For a complete list of deprecated commands, see "Deprecated Commands for Oracle Infrastructure Web Services" in Release Notes for Oracle Fusion Middleware Infrastructure.
Additional MDS WLST commands are described in Metadata Services (MDS) Custom WLST Commands.
Table 3-10 Oracle Infrastructure Web Services - WLST Commands for Repository Management
Use this command... | To... | Use with WLST... |
---|---|---|
Export a set of applications metadata from the repository into a supported ZIP archive. Note: This command is supported for Oracle Infrastructure and RESTful web services only. This command is not supported for ADF DC web service clients and Java EE web services. |
Online |
|
Export a set of documents from the repository into a supported ZIP archive. |
Online |
|
Import a set of documents from a supported ZIP archive into the repository. |
Online |
|
Migrate the custom roles and policies from the |
Online |
|
Migrates direct (local) policy attachments that are identical to the external global policy attachments that would otherwise be attached to each policy subject in the current domain. |
Online |
|
Delete the existing policies stored in the repository and refresh it with the latest set of predefined policies that are provided in the new installation of the Oracle Fusion Middleware software. |
Online |
|
Upgrade the OWSM predefined policies stored in the repository with any new predefined policies that are provided in the latest installation of the Oracle Fusion Middleware software. |
Online |
Table 3-11 list the WLST commands for managing the OWSM repository that have been deprecated in this release.
Table 3-11 Deprecated WLST Commands for Repository Management
Use this command... | To... | Use with WLST... |
---|---|---|
Export a set of documents from the repository into a supported ZIP archive. If the specified archive already exists, you can choose whether to overwrite the archive or merge the documents into the existing archive. |
Online |
|
Import a set of documents from a supported ZIP archive into the repository. You can provide the location of a file that describes how to map a physical information from the source environment to the target environment. |
Online |
|
Delete the existing policies stored in the repository and refresh it with the latest set of predefined policies that are provided in the new installation of the Oracle Fusion Middleware software. |
Online |
|
Upgrade the OWSM predefined policies stored in the repository with any new predefined policies that are provided in the latest installation of the Oracle Fusion Middleware software. |
Online |
- exportRepository
- exportWSMAppMetadata
- exportWSMRepository
- importRepository
- importWSMArchive
- migrateWSMPMRoles
- migrateWSMAttachments
- resetWSMPolicyRepository
- resetWSMRepository
- upgradeWSMPolicyRepository
- upgradeWSMRepository
Parent topic: Web Services Custom WLST Commands
exportRepository
Note:
This command has been deprecated. It is recommended that you use the exportWSMRepository
command, as described in "exportWSMRepository". The following examples show how to migrate to use the exportWSMRepository
command.
11g Release:
wls:/jrfServer_domain/serverConfig> exportRepository ("/tmp/repo.zip")
12c Release:
wls:/jrfServer_domain/serverConfig> exportWSMRepository ("/tmp/repo.zip")
Command Category: OWSM Repository Management
Use with WLST: Online
Description
Exports a set of documents from the OWSM repository into a supported ZIP archive. If the specified archive already exists, the following options are presented:
The specified archive already exists. Update existing archive? Enter "yes" to merge documents into existing archive, "no" to overwrite, or "cancel" to cancel the operation.
You can also specify a list of the documents to be exported, or use a search expression to find specific documents in the repository.
Read only documents, such as predefined policies and assertion templates, will not be included in the export.
Syntax
exportRepository(archive,[documents=None],[includeShared='false']
)
Argument | Definition |
---|---|
|
Name of the archive file. If the specified archive already exists, you can choose whether to overwrite the archive or merge the documents into the existing archive. During override, the original archive is backed up and a message describes the location of the backup archive. |
|
Optional. The documents to be exported to the archive. If no documents are specified, then all assertion templates, intents, policies, and policy sets will be exported. You can specify a list of the documents to be exported, or use a search expression to find specific documents in the repository. |
|
Optional. Specifies whether the policy references should be expanded during export. |
Example
The following examples describe repository export sessions. The first example exports all OWSM documents to the policies.zip
file.
wls:/wls-domain/serverConfig>exportRepository("/tmp/policies.zip")
This example exports only the MyPolicySet1
, MyPolicySet2
, and MyPolicySet3
policy sets to the policies.jar
file, and also expands all the policy references output during the export process.
wls:/wls-domain/serverConfig>exportRepository("/tmp/policies.jar", ["/policysets/MyPolicySet1","/policysets/MyPolicySet2","/policysets/MyPolicySet3"], true)
This example exports policy sets using wildcards to the some_global_with_noreference_2
file.
wls:/wls-domain/serverConfig>exportRepository('./export/some_global_with_noreference_2', ['policysets:global/web_%','policysets:global/web_ref%', 'policysets:global/web_call%'], false)
Parent topic: OWSM Repository Management Commands
exportWSMAppMetadata
Note:
This command is supported for Oracle Infrastructure and RESTful web services only. This command is not supported for ADF DC web service clients and Java EE web services.
Command Category: OWSM Repository Management
Use with WLST: Online
Description
Exports a set of application metadata from the repository into a supported ZIP archive. If the specified archive already exists, you are presented with a set of options: merge the documents into the existing archive, overwrite the archive, or cancel the operation. By default, all metadata for applications in the current domain is exported to the archive, or you can use a search expression to export specific metadata for applications in the repository.
Note:
Read only documents, such as predefined policies and assertion templates, will not be included in the export.
Syntax
exportWSMAppMetadata(archive,[applications=None],[includeShared='false'], [raiseError='true|false'])
Argument | Description |
---|---|
|
Name of the archive file. If the specified archive already exists, you can choose whether to overwrite the archive or merge the documents into the existing archive. During override, the original archive is backed up and a message describes the location of the backup archive. |
|
Optional. The metadata of applications to be exported to the archive. If no application names are specified, then all metadata for applications in the current domain will be exported. You can specify a list of search expressions to find specific application metadata in the repository, using this syntax: /{ |
|
Optional. Specifies whether the shared documents (those that are specified as policy references within wsm-assembly documents) should be included during export. Because read-only documents can not be exported, only custom or cloned shared policies will be included in the export. |
|
Optional. When set to |
Examples
The first example exports the application metadata in the repository into the applications.zip
file and saves it in the tmp
directory.
The second example exports the metadata of the applications whose names begin with SalesApp
and TradeApp
into the applications.zip
file and saves it in the tmp
directory.
The third example exports the metadata of the applications whose names begin with SalesApp
and TradeApp
into the applications.zip
file and saves it in the tmp
directory. Additionally, shared resources are included in this export.
wls:/wls-domain/serverConfig> exportWSMAppMetadata("/tmp/applications.zip") wls:/wls-domain/serverConfig> exportWSMAppMetadata("/tmp/applications.zip",["/WLS/base_domain/SalesApp%","WLS/base_domain/TradeApp%"]) wls:/wls-domain/serverConfig> exportWSMAppMetadata("/tmp/applications.zip",["/WLS/base_domain/SalesApp%","WLS/base_domain/TradeApp%"], true)
Note:
Use integer values 0
(false
) or 1
(true
) to pass Boolean types on wsadmin
and ojbst
because the Python version used by these scripting tools may not support Boolean types.
Parent topic: OWSM Repository Management Commands
exportWSMRepository
Command Category: OWSM Repository Management
Use with WLST: Online/offline
Description
Exports a set of documents from the OWSM repository into a supported ZIP archive. If the specified archive already exists, the following options are presented:
The specified archive already exists. Update existing archive? Enter "yes" to merge documents into existing archive, "no" to overwrite, or "cancel" to cancel the operation.
You can also specify a list of the documents to be exported, or use a search expression to find specific documents in the repository.
Note:
Read only documents, such as predefined policies and assertion templates, will not be included in the export.
Syntax
exportWSMRepository(archive,[documents=None],[includeShared='false']
, [raiseError='true|false'])
Argument | Definition |
---|---|
|
Name of the archive file. If the specified archive already exists, you can choose whether to overwrite the archive or merge the documents into the existing archive. During override, the original archive is backed up and a message describes the location of the backup archive. |
|
Optional. The documents to be exported to the archive. If no documents are specified, then only shared documents that include policies and policy sets will be exported. If this argument is specified as an empty string |
|
Optional. Specifies whether the shared documents (those that are specified as policy references within policy sets and wsm-assembly documents) should be included during export. Because read-only documents can not be exported, only custom or cloned shared policies will be included in the export. |
|
Optional. When set to |
Examples
The following examples describe repository export sessions. The first example exports all OWSM documents to the policies.zip
archive.
wls:/wls-domain/serverConfig>exportWSMRepository("/tmp/policies.zip")
This example exports only the MyPolicySet1
, MyPolicySet2
, and MyPolicySet3
policy sets to the policies.jar
archive, and also expands all the policy references output during the export process.
wls:/wls-domain/serverConfig>exportWSMRepository("/tmp/policies.jar", ["/policysets/MyPolicySet1","/policysets/MyPolicySet2","/policysets/MyPolicySet3"], true)
This example exports policy sets using wildcards to the some_global_with_noreference_2
archive.
wls:/wls-domain/serverConfig>exportWSMRepository('./export/some_global_with_noreference_2', ['policysets:global/web_%','policysets:global/web_ref%', 'policysets:global/web_call%'], false)
Parent topic: OWSM Repository Management Commands
importRepository
Note:
This command has been deprecated. It is recommended that you use the importWSMArchive
command, as described in "importWSMArchive". The following examples show how to migrate to use the importWSMArchive
command.
11g Release (for repository documents):
wls:/jrfServer_domain/serverConfig> importRepository ("/tmp/repo.zip")
12c Release (for repository documents):
wls:/jrfServer_domain/serverConfig> importWSMArchive ("/tmp/repo.zip")
Command Category: OWSM Repository Management
Use with WLST: Online
Description
Imports a set of documents from a supported ZIP archive into the OWSM repository. You can use the map
argument to provide the location of a file that describes how to map physical information from the source environment to the target environment. For example, you can use the map file to ensure that the attachment expression in a policy set document is updated to match the target environment, such as Domain("foo")=Domain("bar")
.
Read only documents, such as predefined policies and assertion templates, will not be included in the import.
Syntax
importRepository(archive,[map=None],[generateMapFile='false'
])
Argument | Definition |
---|---|
|
Path to the archive file that contains the list of documents to be imported. If a document being imported is a duplicate of the current version that already exists in the repository, then it will not be imported and a new version of the document is not created |
|
Optional. Location of a sample map file that describes how to map physical information from the source environment to the target environment. You can generate a new map file by setting the If you specify a map file without setting the |
|
Optional. Specify whether to create a sample map file at the location specified by the map argument. No documents are imported when this argument is set to After the map file is created you can edit it using any text editor. The map file contains the document names given in the archive file and their corresponding Note: When importing documents into the repository, OWSM validates the |
Example
The following examples describe repository import sessions.
The first example imports the contents of the policies.zip
file into the repository.
wls:/wls-domain/serverConfig>importRepository("/tmp/policies.zip")
This example uses the generateMapFile
argument to generate a map file.
wls:/wls-domain/serverConfig>importRepository("./export/some_global_with_noreference_2', map="./export/some_global_with_noreference_2_map', generateMapFile=true)
Here is an example of a generated map file:
This is an auto generated override file containing the document names given in the archive file and their corresponding attachTo values. The attachTo value can be updated according to the new environment details. If there is no update required for any document name,that entry may be either deleted or commented using the character ("#") [Resource Scope Mappings ]
sca_component_add_1=Composite("*Async*")
sca_reference_add_1=Composite("*Basic_SOA_Client*")
sca_reference_no=Server("*")
sca_service_add_1=Composite("*Basic_SOA_service")
web_callback_add_1=Application("*") web_client_add_1=Module("*") web_reference_add_1=Domain("*") web_service_add_1=Domain("*domain*") and Server("*soa*") and Application("*ADF*") ws_service_no_1=Server("*Admin*")
This example illustrates how to import documents using a generated map file: /some_global_with_noreference_2_map
.
wls:/wls-domain/serverConfig>importRepository('../export/export_all', 'export_all_map')
Parent topic: OWSM Repository Management Commands
importWSMArchive
Command Category: OWSM Repository Management
Use with WLST: Online/offline
Description
Imports a set of documents from a supported ZIP archive into the OWSM repository. You can use the map
argument to provide the location of a file that describes how to map physical information from the source environment to the target environment. For example, you can use the map file to ensure that the attachment expression in a policy set document is updated to match the target environment, such as Domain("foo")=Domain("bar")
.
Read only documents, such as predefined policies and assertion templates, will not be included in the import.
Syntax
importWSMArchive(archive,[map=None],[generateMapFile='false'
], [raiseError='true|false'])
Argument | Definition |
---|---|
|
Name of the archive file. |
|
Optional. Location of a sample map file that describes how to map physical information from the source environment to the target environment. You can generate a new map file by setting the If you specify a map file without setting the |
|
Optional. Specify whether to create a sample map file at the location specified by the map argument. No documents are imported when this argument is set to After the file is created you can edit it using any text editor. The Note: When importing documents into the repository, OWSM validates the |
|
Optional. When set to |
Examples
The following examples describe repository import sessions.
The first example imports the contents of the policies.zip
file into the repository.
wls:/wls-domain/serverConfig>importWSMArchive("/tmp/policies.zip")
This example uses the generateMapFile
argument to generate a map file.
wls:/wls-domain/serverConfig>importWSMArchive("./export/some_global_with_noreference_2', map="./export/some_global_with_noreference_2_map', generateMapFile=true)
Here is an example of a generated map file:
This is an auto generated override file containing the document names given in the archive file and their corresponding attachTo values. The attachTo value can be updated according to the new environment details. If there is no update required for any document name,that entry may be either deleted or commented using the character ("#") [Resource Scope Mappings ]
sca_component_add_1=Composite("*Async*")
sca_reference_add_1=Composite("*Basic_SOA_Client*")
sca_reference_no=Server("*")
sca_service_add_1=Composite("*Basic_SOA_service")
web_callback_add_1=Application("*") web_client_add_1=Module("*") web_reference_add_1=Domain("*") web_service_add_1=Domain("*domain*") and Server("*soa*") and Application("*ADF*") ws_service_no_1=Server("*Admin*")
This example illustrates how to import documents using a generated map file: /some_global_with_noreference_2_map
.
wls:/wls-domain/serverConfig>importWSMArchive('../export/export_all', 'export_all_map')
Parent topic: OWSM Repository Management Commands
migrateWSMPMRoles
Command Category: OWSM Repository Management
Use with WLST: Online
Description
Migrates the custom roles and policies from the Plan.xml
file to the wsm-pm.ear
policy store. If the Plan.xml
file is not used to override default security, then this command will not migrate the wsm-pm.ear
policy store.
Syntax
migrateWSMPMRoles(domain, [raiseError='true|false'])
Arguments | Description |
---|---|
domain |
Absolute path to the domain home where the |
|
Optional. When set to |
Example
In the following example, custom roles and policies are migrated from the Plan.xml
file to the wsm-pm.ear
policy store that resides in '/WLS/myDomain
.
wls:/wls-domain/serverConfig> migrateWSMPMRoles('/WLS/myDomain')
Parent topic: OWSM Repository Management Commands
migrateWSMAttachments
Command Category: OWSM Repository Management
Use with WLST: Online
Description
Migrates direct (local) policy attachments that are identical to the external global policy attachments that would otherwise be attached to each policy subject in the current domain. You can specify whether to force the migration, prompt for confirmation before each migration, or simply list the migrations that would occur. A direct policy attachment is identical if its URI is the same as one provided by a global policy attachment, and if it does not have any scoped configuration overrides.
Note:
A direct attachment with an unscoped override will be migrated but an attachment with a scoped override will not. This is because after running the migrateAttachments()
command, the enforcement of the policies on all subjects remains the same, even though some policies are globally attached.
Whether forced or prompted, the command lists each direct policy attachment that is migrated. This output will identify the policy subject that was modified, the URI of the identical policy reference, and the name of the global policy attachment document that duplicated the direct attachment.
Syntax
migrateWSMAttachments([mode='prompt'])
Argument | Definition |
---|---|
|
The action to be taken for each policy attachment that can be migrated. Valid options are:
If no mode is specified, this argument defaults to |
Examples
The following examples describe how to use the repository attachment migration modes.
wls:/wls-domain/serverConfig>migrateWSMAttachments() wls:/wls-domain/serverConfig>migrateWSMAttachments('force') wls:/wls-domain/serverConfig>migrateWSMAttachments('preview') wls:/wls-domain/serverConfig>migrateWSMAttachments('prompt')
Parent topic: OWSM Repository Management Commands
resetWSMPolicyRepository
Note:
This command has been deprecated. It is recommended that you use the resetWSMRepository
command, as described in "resetWSMRepository". The following examples show how to migrate to use the resetWSMRepository
command.
11g Release:
wls:/jrfServer_domain/serverConfig> resetWSMPolicyRepository()
12c Release:
wls:/jrfServer_domain/serverConfig> resetWSMRepository()
Command Category: OWSM Repository Management
Use with WLST: Online
Description
Deletes the existing policies stored in the OWSM repository and refresh it with the latest set of predefined policies that are provided in the new installation of the Oracle Fusion Middleware software. You can use the clearStore
argument to specify whether to delete all policies, including custom user policies, from the OWSM repository before loading the new predefined policies.
Syntax
resetWSMPolicyRepository([clearStore='false'])
Argument | Definition |
---|---|
|
Policies to be deleted. Valid values are:
|
Example
The following example deletes all the policies in the repository, including user policies, and adds the predefined policies provided in the current product installation:
wls:/wls-domain/serverConfig>resetWSMPolicyRepository(true)
Note:
Use integer values 0
(false
) or 1
(true
) to pass Boolean types on wsadmin
and ojbst
because the Python version used by these scripting tools may not support Boolean types.
Parent topic: OWSM Repository Management Commands
resetWSMRepository
Command Category: OWSM Repository Management
Use with WLST: Online/offline
Description
Deletes the existing policies stored in the repository and refresh it with the current set of predefined policies that are provided in the latest installation of the Oracle Fusion Middleware software. You can use the clearStore
argument to specify whether to delete all policies, including custom user policies, from the repository before loading the new predefined policies.
Note:
These command also updates the version number of the predefined policies and assertion templates.Syntax
resetWSMRepository([clearStore='false'])
Argument | Definition |
---|---|
|
Policies to be deleted. Valid values are:
|
Examples
The following example deletes all the policies in the repository, including user policies, and adds the predefined policies provided in the current product installation:
wls:/wls-domain/serverConfig>resetWSMRepository(true)
Parent topic: OWSM Repository Management Commands
upgradeWSMPolicyRepository
Note:
This command has been deprecated. It is recommended that you use the upgradeWSMRepository
command, as described in "upgradeWSMRepository". The following examples show how to migrate to use the upgradeWSMRepository
command.
11g Release:
wls:/jrfServer_domain/serverConfig> upgradeWSMPolicyRepository()
12c Release:
wls:/jrfServer_domain/serverConfig> upgradeWSMRepository()
Command Category: OWSM Repository Management
Use with WLST: Online
Description
Upgrades the OWSM predefined policies stored in the OWSM repository with any new predefined policies that are provided in the latest installation of the Oracle Fusion Middleware software. If the repository is empty, all of the predefined policies included in the installation are loaded into the repository.
This command does not remove any existing predefined and user-defined custom policies in the repository. If a predefined policy has been modified or discontinued in a subsequent release, one of the following occurs:
-
For policies that have been discontinued, a message is displayed listing the discontinued policies. In this case, Oracle recommends that you no longer reference the policies and remove them using Oracle Enterprise Manager.
-
For policies that have changed in the subsequent release, a message is displayed listing the changed policies. Oracle recommends that you import the latest version of the policies using Oracle Enterprise Manager.
Syntax
upgradeWSMPolicyRepository()
Example
The following example upgrades the existing installation with policies provided in the latest release:
wls:/wls-domain/serverConfig>upgradeWSMPolicyRepository()
Parent topic: OWSM Repository Management Commands
upgradeWSMRepository
Command Category: OWSM Repository Management
Use with WLST: Online/offline
Description
Upgrades the OWSM predefined policies stored in the repository with any new predefined policies that are provided in the latest installation of the Oracle Fusion Middleware software. If the repository is empty, all of the predefined policies included in the installation are loaded into the repository.
This command does not remove any existing predefined and user-defined custom policies in the repository. If a predefined policy has been modified or discontinued in a subsequent release, one of the following occurs:
-
For policies that have been discontinued, a message is displayed listing the discontinued policies. In this case, Oracle recommends that you no longer reference the policies and remove them using Oracle Enterprise Manager.
-
For policies that have changed in the subsequent release, a message is displayed listing the changed policies. Oracle recommends that you import the latest version of the policies using Oracle Enterprise Manager.
Syntax
upgradeWSMRepository()
Examples
The following example upgrades the existing installation with policies provided in the latest release:
wls:/wls-domain/serverConfig>upgradeWSMRepository()
Parent topic: OWSM Repository Management Commands
Token Issuer Trust Configuration Commands
Use the WLST commands listed in Table 3-12 to view and define trusted issuers, trusted distinguished name (DN) lists, token attribute rules for trusted DNs, and import, export, or revoke federation metadata.
When using WLST to create, modify, and delete token issuer trust documents, you must execute the commands in the context of a session. Each session applies to a single trust document only.
For additional information about using these commands, see "Configuring SAML Trusted Issuers, DN Lists, and Token Attribute Rules Using WLST" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
Note:
The commands in this section apply to Oracle Infrastructure Web Services only.
To view the help for the WLST commands described in this section, connect to a running instance of the server and enter help('wsmManage')
.
The help('wsmManage')
now displays JWT trusted issuers as a supported token type.
Table 3-12 Web Services Token Issuer Trust Commands
Use this command... | To... | Use with WLST... |
---|---|---|
Create a new token issuer trust document using the name provided. |
Online |
|
Delete the entry for the issuer, including the DN list in it. |
Online |
|
Delete a token attribute rule associated with a trusted DN. |
Online |
|
Delete the token issuer trust document, specified by the name argument, from the repository. |
Online |
|
Display the names of the DN lists associated with a specified issuer. |
Online |
|
Export trusted issuers, associated DNs, and token attribute rules. |
Online |
|
Import trusted issuers, associated DNs, and token attribute rules. |
Online |
|
List the token issuer trust documents in the repository. |
Online |
|
Remove trusted issuers, associated DNs, and token attribute rules. |
Online |
|
Select the token issuer trust document, identified by the name argument, to be modified in the session. |
Online |
|
Specify a trusted token issuer with a DN list. |
Online |
|
Add, delete, or update token attribute rules for a given token signing certificate DN. |
Online |
|
Set the mapping to map value of an attribute for a trusted DN to local user attribute value and the mapped user attribute. |
Online |
|
Set or reset the display name of the Token Issuer Trust document currently selected in the session. |
Online |
|
setWSMTokenIssuerTrustVirtualUser |
Specify a trusted token issuer with a DN list for virtual user. |
Online |
deleteWSMTokenIssuerTrustVirtualUser |
Delete a virtual user associated with a trusted DN from the token issuer trust document. |
Online |
setWSMTokenIssuerTrustVirtualUserRoleMapping |
For any DN in the trusted DN list of a trusted token issuer, this command sets the mapping the roles for a virtual user. |
Online |
displayWSMTokenIssuerTrustAttributeRule |
Display the mapping of the roles for a virtual user. |
Online |
Import the signing certificate (federation metadata document) and configure WS-Trust for the Relying Party (RP-STS) in OWSM. |
Online |
|
Generates the signed or unsigned federation document for the Identity Provided STS (IP-STS) or Service Provider. |
Online |
|
Removes the signing certificates from OWSM and the WS-Trust configuration from the federation metadata document. |
Online |
|
setWSMJWKTokenIssuerTrust | Imports the JWK document from a trusted issuer and configures the trust in OWSM. | Online |
revokeWSMJWKTokenIssuerTrust | It reverses the trust configuration done in setWSMJWKTokenIssuerTrust. It also removes any imported certificates. | Online |
enableWSMTokenIssuerTrustOneToken | Enables or disables 1Paas - 1Token Trust for a given DN and/or Issuer. | Online |
enableWSMTokenIssuerTrust | Enables or disables trusted issuer and key identifiers in the current Token Issuer Trust document. | Online |
setWSMTokenIssuerTrustProxy | Configures proxy for a token issuer trust. | Online |
removeWSMTokenIssuerTrustProxy | Removes the proxy configured for the token attribute rule identified by issuer and identifier. | Online |
displayWSMTokenIssuerTrustProxy | Displays the proxy configured for the token attribute rule identified by issuer and identifier. | Online |
importWSMDiscoveryMetadata |
Imports WSMDiscoveryMetadata from a trusted issuer and configures the trust in OWSM. |
Online |
revokeWSMDiscoveryMetadata |
Removes the trust configuration done using importWSMDiscoveryMetadata. It also removes any imported certificates. |
Online |
Adds or Deletes trusted relying party. |
Online |
|
Displays trusted relying party for a given type. |
Online |
- createWSMTokenIssuerTrustDocument
- deleteWSMTokenIssuerTrust
- deleteWSMTokenIssuerTrustAttributeRule
- deleteWSMTokenIssuerTrustDocument
- displayWSMTokenIssuerTrust
- displayWSMTokenIssuerTrustAttributeFilterAndMapping
Displays token attribute filters and mappings rule of trusted users and attributes for a specified DN. - exportWSMTokenIssuerTrustMetadata
- importWSMTokenIssuerTrustMetadata
- listWSMTokenIssuerTrustDocuments
- revokeWSMTokenIssuerTrust
- selectWSMTokenIssuerTrustDocument
- setWSMTokenIssuerTrust
- setWSMTokenIssuerTrustAttributeFilter
- setWSMTokenIssuerTrustAttributeMapping
- setWSMTokenIssuerTrustDisplayName
- setWSMTokenIssuerTrustVirtualUser
- deleteWSMTokenIssuerTrustVirtualUser
- setWSMTokenIssuerTrustVirtualUserRoleMapping
- displayWSMTokenIssuerTrustAttributeRule
- importFederationMetadata
- exportFederationMetadata
- revokeFederationMetadata
- setWSMJWKTokenIssuerTrust
- revokeWSMJWKTokenIssuerTrust
- enableWSMTokenIssuerTrustOneToken
- enableWSMTokenIssuerTrust
- setWSMTokenIssuerTrustProxy
- removeWSMTokenIssuerTrustProxy
- displayWSMTokenIssuerTrustProxy
- importWSMDiscoveryMetadata
- revokeWSMDiscoveryMetadata
- addWSMTokenIssuerTrustRP
- displayWSMTokenIssuerTrustRP
Parent topic: Web Services Custom WLST Commands
createWSMTokenIssuerTrustDocument
Note:
This command applies to Oracle Infrastructure web services only.
Command Category: Token Issuer Trust Configuration
Use with WLST: Online/offline
Description
Within a session, creates a new token issuer trust document using the name provided.
You must start a session (beginWSMSession
) before creating or modifying any token issuer trust documents. If there is no current session or there is already an existing modification process, an error is displayed.
Syntax
createWSMTokenIssuerTrustDocument(name, displayName, [raiseError='true|false'])
Arguments | Definition |
---|---|
|
Name of the document to be created. An error is thrown if a name is not provided. |
|
Optional. Display name for the document. |
|
Optional. When set to |
Examples
In the following example, the trust document named tokenissuertrustWLSbase_domain
is created, with a display name of wls_domain Trust Document
. In the second example, no display name is provided.
wls:/wls-domain/serverConfig> createWSMTokenIssuerTrustDocument("tokenissuertrustWLSbase_domain","wls_domain Trust Document") wls:/wls-domain/serverConfig> createWSMTokenIssuerTrustDocument("tokenissuertrustWLSbase_domain")
See:
-
"Configuring SAML Trusted Issuers, DN Lists, and Token Attribute Rules Using WLST" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
Parent topic: Token Issuer Trust Configuration Commands
deleteWSMTokenIssuerTrust
Note:
This command applies to Oracle Infrastructure web services only.
Command Category: Token Issuer Trust Configuration
Use with WLST: Online/offline
Description
Within a session, deletes the list of all the trusted key identifiers matching the type (such as dns.hok
, dns.sv
, or dns.jwt
) for the issuer specified. This issuer must exist in the token issuer trust document selected in the session for modification. If no trusted key identifiers exist, then the issuer itself is deleted.
You must start a session (beginWSMSession
) and select a token issuer trust document for modification before executing this command. If there is no current session or there is already an existing modification process, an error is displayed.
You cannot modify the default token issuer trust document.
Syntax
deleteWSMTokenIssuerTrust(type, issuer, [raiseError='true|false'])
Arguments | Definition |
---|---|
|
Type of issuer to be deleted, such as |
|
Name of the issuer whose trusted DN list will be deleted. |
|
Optional. When set to |
Examples
In the following example, the issuer www.yourCompany.com
and the DN list in the dns.sv
trusted SAML sender vouches client list for the issuer are deleted:
wls:/wls-domain/serverConfig> deleteWSMTokenIssuerTrust('dns.sv', 'www.yourCompany.com')
See:
Parent topic: Token Issuer Trust Configuration Commands
deleteWSMTokenIssuerTrustAttributeRule
Note:
This command applies to Oracle Infrastructure web services only.
Command Category: Token Issuer Trust Configuration
Use with WLST: Online/offline
Description
Delete a token attribute rule associated with a trusted DN from the token issuer trust document.
You must start a session (beginWSMSession
) and select a token issuer trust document for modification before executing this command. If there is no current session or there is already an existing modification process, an error is displayed.
Syntax
deleteWSMTokenIssuerTrustAttributeRule(dn, [raiseError='true|false'])
Arguments | Description |
---|---|
|
The DN of the token signing certificate that identifies the rule to be deleted. |
|
Optional. When set to |
Examples
In the following example, the token attribute rule associated with the 'CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US
trusted DN is deleted.
wls:/wls-domain/serverConfig> deleteWSMTokenIssuerTrustAttributeRule('CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US')
See:
Parent topic: Token Issuer Trust Configuration Commands
deleteWSMTokenIssuerTrustDocument
Note:
This command applies to Oracle Infrastructure web services only.
Command Category: Token Issuer Trust Configuration
Use with WLST: Online/offline
Description
Deletes the token issuer trust document, specified by the name argument, from the repository. The default token issuer trust document cannot be deleted.
Syntax
deleteWSMTokenIssuerTrustDocument (name, [raiseError='true|false'])
Arguments | Definition |
---|---|
|
Name of the token issuer trust document to be deleted. |
|
Optional. When set to |
Examples
In the following example, the token issuer trust document tokenissuertrustWLSbase_domain
trust document is deleted:
wls:/wls-domain/serverConfig> deleteWSMTokenIssuerTrustDocument('tokenissuertrustWLSbase_domain')
Parent topic: Token Issuer Trust Configuration Commands
displayWSMTokenIssuerTrust
Note:
This command applies to Oracle Infrastructure web services only.
Command Category: Token Issuer Trust Configuration
Use with WLST: Online/offline
Description
Displays the list of all the trusted key identifiers matching the type specified, such as dns.hok
, dns.sv
, or dns.jwt
, and the issuer
name.
You must start a session (beginWSMSession
) and select a token issuer trust document for modification before executing this command. If there is no current session or there is already an existing modification process, an error is displayed.
Syntax
displayWSMTokenIssuerTrust(type, issuer=None, [raiseError='true|false'])
Arguments | Definition |
---|---|
|
Type of the trusted key identifiers list to be displayed for the issuer. For example, |
|
Optional. Name of the trusted issuer for which the trusted key identifiers list is to be displayed. If you do not specify an issuer name, all of the trusted issuers for the given type are listed. |
|
Optional. When set to |
Examples
In the following example, the DN lists for the www.example.com
trusted issuer are displayed:
wls:/wls-domain/serverConfig> displayWSMTokenIssuerTrust('dns.sv', 'www.example.com')
Parent topic: Token Issuer Trust Configuration Commands
displayWSMTokenIssuerTrustAttributeFilterAndMapping
Displays token attribute filters and mappings rule of trusted users and attributes for a specified DN.
Description
Command Category: Token Issuer Trust Configuration
Use with WLST: Online/offline
Given a DN like 'CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US', this command displays token attribute filters and mappings rule of trusted users and attributes for the specified DN.
Note:
Before running this command, you must select a token issuer trust document in the session for modification.Syntax
displayWSMTokenIssuerTrustAttributeFilterAndMapping(dn,[raiseError='true|false'])
Where the arguments are as follows:
Examples
displayWSMTokenIssuerTrustAttributeFilterAndMapping("CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US")
Parent topic: Token Issuer Trust Configuration Commands
exportWSMTokenIssuerTrustMetadata
Note:
This command applies to Oracle Infrastructure web services only.
Command Category: Token Issuer Trust Configuration
Use with WLST: Online/offline
Description
Export the trust configuration (issuers, DNs, and token attribute rules) for all trusted issuers. The configuration will be exported to an XML file identified by the specified location. The configuration for the issuers specified in the exclude list will not be exported. If no argument is passed, trust configuration for all trusted issuers will be exported.
Syntax
exportWSMTokenIssuerTrustMetadata(trustFile,excludeIssuers=None, [raiseError='true|false'])
Arguments | Definition |
---|---|
|
Location of the file where the exported metadata will be stored. |
|
Optional. The list of issuers for which trust metadata should not be exported. |
|
Optional. When set to |
Examples
The following examples show the exportWSMTokenIssuerTrustMetadata command.
exportWSMTokenIssuerTrustMetadata(trustFile='/tmp/trustData.xml', excludeIssuers=['www.example.com','www.myissuer.com']) exportWSMTokenIssuerTrustMetadata('/tmp/trustData.xml',['www.example.com']) exportWSMTokenIssuerTrustMetadata(trustFile='/tmp/trustData.xml')
Parent topic: Token Issuer Trust Configuration Commands
importWSMTokenIssuerTrustMetadata
Note:
This command applies to Oracle Infrastructure web services only.
Command Category: Token Issuer Trust Configuration
Use with WLST: Online/offline
Description
Import the trust configuration (issuers, DNs, and token attribute rules) for all trusted issuers. The configuration will be imported from the specified XML file.
Syntax
importWSMTokenIssuerTrustMetadata(trustFile, [raiseError='true|false'])
Argument | Definition |
---|---|
|
Location of the file from where the configuration will be imported. |
|
Optional. When set to |
Examples
The following examples show the importWSMTokenIssuerTrustMetadata command.
importWSMTokenIssuerTrustMetadata(trustFile='/tmp/trustData.xml') importWSMTokenIssuerTrustMetadata('/tmp/trustData.xml')
Parent topic: Token Issuer Trust Configuration Commands
listWSMTokenIssuerTrustDocuments
Note:
This command applies to Oracle Infrastructure web services only.
Command Category: Token Issuer Trust Configuration
Use with WLST: Online/offline
Description
When used without any arguments, this command lists all the token issuer trust documents in the repository. If the detail argument is set to true
, the display name and the status of the document are also displayed.
You can use the wildcard character (*) in combination with other characters. If no wildcard character is specified in the name argument, the document that matches the name argument exactly is displayed. If the detail
argument is set to true
, the contents of the document are listed.
This command can be executed inside and outside of a session.
Syntax
listWSMTokenIssuerTrustDocuments(name='*', detail='false', [raiseError='true|false'])
Arguments | Definition |
---|---|
|
Optional. Name of the token issuer trust document. You can use wildcards with this argument. |
|
Optional. List the details for the requested document. The default is |
|
Optional. When set to |
Examples
In the following example, the token issuer trust document tokenissuertrustWLSbase_domain
trust document is deleted:
wls:/wls-domain/serverConfig> listWSMTokenIssuerTrustDocuments(detail='true')
Parent topic: Token Issuer Trust Configuration Commands
revokeWSMTokenIssuerTrust
Note:
This command applies to Oracle Infrastructure web services only.
Command Category: Token Issuer Trust Configuration
Use with WLST: Online/offline
Description
Remove trusted issuers, associated DNs, and token attribute rules. The issuers specified in the exclude list will not be removed. If no argument is passed, then all trusted issuers and associated configuration will be removed.
Syntax
revokeWSMTokenIssuerTrust(excludeIssuers=None, [raiseError='true|false'])
Argument | Definition |
---|---|
|
Optional list of issuers for which the trust configuration should not be removed. |
|
Optional. When set to |
Examples
The following examples show the revokeWSMTokenIssuerTrust command.
revokeWSMTokenIssuerTrust(excludeIssuers=['www.example.com','www.issuer.com']) revokeWSMTokenIssuerTrust(['www.example.com','www.issuer.com']) revokeWSMTokenIssuerTrust()
Parent topic: Token Issuer Trust Configuration Commands
selectWSMTokenIssuerTrustDocument
Note:
This command applies to Oracle Infrastructure web services only.
Command Category: Token Issuer Trust Configuration
Use with WLST: Online/offline
Description
Selects the token issuer trust document, identified by the name argument, to be modified in the session. The name must match the value of the name attribute in the document.
You must start a session (beginWSMSession
) before executing this command. If there is no current session or there is already an existing modification process, an error is displayed.
You cannot modify the default token issuer trust document.
Syntax
selectWSMTokenIssuerTrustDocument(name, [raiseError='true|false'])
Argument | Definition |
---|---|
|
Name of the document to modified in the session. An error is thrown if a name is not provided. |
|
Optional. When set to |
Examples
In the following example, the tokenissuertrustWLSbase_domain
document is selected for modification:
wls:/wls-domain/serverConfig> selectWSMTokenIssuerTrustDocument('tokenissuertrustWLSbase_domain')
Parent topic: Token Issuer Trust Configuration Commands
setWSMTokenIssuerTrust
Note:
This command applies to Oracle Infrastructure web services only.
Command Category: Token Issuer Trust Configuration
Use with WLST: Online/offline
Description
Specify a trusted token issuer with a DN list. This command behaves as follows:
-
If the trusted issuer already exists for the type specified, and you provide a list of DNs or aliases for the
trustedKeys
argument, the previous list is replaced with the new list. If you enter an empty set ([]
) for thetrustedDNs
argument, then the list of DN values are deleted for the issuer. -
If the trusted issuer does not exist for the type specified and you specify a value for the
trustedKeys
argument, the issuer is created with the associated DN list. If you do not set thetrustedKeys
argument, a new issuer is created with an empty DN list.
You must start a session (beginWSMSession
) and select a token issuer trust document for modification before executing this command. If there is no current session or there is already an existing modification process, an error is displayed.
You cannot modify the default token issuer trust document.
Syntax
setWSMTokenIssuerTrust(type, issuer, [trustedKeys]=None, [raiseError='true|false'])
Argument | Definition |
---|---|
|
The type of the tokens issued by the issuer and how the issuer signing the certificates is identified with trusted keys. The following types are supported:
|
|
The name of the trusted issuer, for example |
|
Optional. List of trusted key identifiers values to set for the specified issuer. |
|
Optional. When set to |
Examples
In the following example, www.yourcompany.com
is set as a trusted issuer and a DN list is not specified:
wls:/wls-domain/serverConfig> setWSMTokenIssuerTrust('dns.sv', 'www,yourcompany.com', [])
In the following example, the name 'CN=orcladmin, OU=Doc, O=Oracle, C=US'
in added to the dns.sv
DN list for the www.example.com
trusted issuer.
wls:/wls-domain/serverConfig> setWSMTokenIssuerTrust('dns.sv', 'www.example.com', ['CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US', 'CN=orcladmin, OU=Doc, O=Oracle, C=US'])
In the following example, the list of DN values in the dns.sv
DN list is removed from the www.example.com
trusted issuer:
wls:/wls-domain/serverConfig> setWSMTokenIssuerTrust('dns.sv', 'www.example.com', [])
In the following example, the alias orakey
is specified as the X509 certificate alias for the SAML SV token type for the www.example.com
trusted issuer:
wls:/wls-domain/serverConfig> setWSMTokenIssuerTrust('dn.alias.sv', 'www.example.com', ['orakey'])
Parent topic: Token Issuer Trust Configuration Commands
setWSMTokenIssuerTrustAttributeFilter
Note:
This command applies to Oracle Infrastructure web services only.
Command Category: Token Issuer Trust Configuration
Use with WLST: Online/offline
Description
Adds, deletes, or updates token attribute rules for a given token signing certificate DN.
Each rule has two parts: a name ID and an attributes part for user attributes that a DN for a signing certificate can assert. The name ID and the attribute can contain a filter with multiple value patterns.
This command behaves as follows:
-
If the attribute specified by the
attr-name
argument already exists with a list of filter values and you provide a new list of values for thefilters
argument, the previous list is replaced with the new list. If you enter an empty set ([]
) for thefilters
argument, then the existing list of filter values is deleted. -
If the attribute specified by the
attr-name
argument does not exist and you specify a list of values for thefilters
argument, the attribute is created and added to the document with the specified filter values. If you do not provide a value for the filters argument, an error is thrown.
You must start a session (beginWSMSession
) and select a token issuer trust document for modification before executing this command. If there is no current session or there is already an existing modification process, an error is displayed.
Note:
You must first use the setWSMTokenIssuerTrust
command to configure a list of trusted DN names for an issuer.
Syntax
setWSMTokenIssuerTrustAttributeFilter(dn, attr-name, filters, [raiseError='true|false'])
Argument | Definition |
---|---|
|
The DN of the token signing certificate. |
|
The name of the attribute to assert. The value can be as follows:
|
|
Optional. List of filters for the attribute. The list has the format [' When If |
|
Optional. When set to |
Examples
In the following example, the name ID yourTrustedUser
is set as a trusted user for the weblogic
trusted DN:
wls:/wls-domain/serverConfig> setWSMTokenIssuerTrustAttributeFilter('CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US','name-id', ['yourTrustedUser'])
In the following example, the name IDs jdoe
is added to the list of trusted users for the weblogic
trusted DN:
wls:/wls-domain/serverConfig> setWSMTokenIssuerTrustAttributeFilter('CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US','name-id', ['yourTrustedUser', 'jdoe'])
In the following example, the list of trusted users for the weblogic
trusted DN is removed:
wls:/wls-domain/serverConfig> setWSMTokenIssuerTrustAttributeFilter('CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US', 'name-id', [])
Parent topic: Token Issuer Trust Configuration Commands
setWSMTokenIssuerTrustAttributeMapping
Note:
This command applies to Oracle Infrastructure web services only.
Command Category: Token Issuer Trust Configuration
Use with WLST: Online/offline
Description
For any DN in the trusted DN list of a trusted token issuer, this command sets the mapping for the attribute (for example, name-id
) as specified by the attrName
argument. The user attribute argument is optional, and it indicates the local user attribute it corresponds to. The user mapping attribute is also optional and indicates the user attribute to be used in the system to authenticate the users.
Syntax
setWSMTokenIssuerTrustAttributeMapping(dn,attrName,userAttribute=None, userMappingAttribute=None, [raiseError='true|false'])
Arguments | Definition |
---|---|
|
DN as the identifier of the token attribute rule where modifications would be done. |
|
Name of the user attribute for which the mapping will be applied. |
|
Optional name of the local user attribute the value of the attribute corresponds to. |
|
Optional name of the local user attribute to map to. |
|
Optional. When set to |
Examples
The following examples show the setWSMTokenIssuerTrustAttributeMapping command.
setWSMTokenIssuerTrustAttributeMapping('CN=weblogic, OU=Orakey, O=Oracle, C=US', 'name-id', 'mail', 'uid') setWSMTokenIssuerTrustAttributeMapping('CN=weblogic, OU=Orakey, O=Oracle, C=US','name-id')
Parent topic: Token Issuer Trust Configuration Commands
setWSMTokenIssuerTrustDisplayName
Note:
This command applies to Oracle Infrastructure web services only.
Command Category: Token Issuer Trust Configuration
Use with WLST: Online/offline
Description
Sets or resets the display name of the Token Issuer Trust document currently selected in the session.
You must start a session (beginWSMSession
) before creating or modifying any token issuer trust documents. If there is no current session or there is already an existing modification process, an error is displayed.
Syntax
setWSMTokenIssuerTrustDisplayName("displayName", [raiseError='true|false'])
Arguments | Definition |
---|---|
|
Name to be set as a display name for the document currently selected for modification in the session. |
|
Optional. When set to |
Examples
In the following example, the display name for the trust document being modified is set to Test Document
.
wls:/wls-domain/serverConfig> setWSMTokenIssuerTrustDisplayName("Test Document")
Parent topic: Token Issuer Trust Configuration Commands
setWSMTokenIssuerTrustVirtualUser
Note:
This command applies to Oracle Infrastructure web services only.
Command Category: Token Issuer Trust Configuration
Use with WLST: Online/offline
Description
Specify a trusted token issuer with a DN list for virtual user.
Syntax
setWSMTokenIssuerTrustVirtualUser(dn, enabled=true, [default-roles], [role-attributes])
Argument | Definition |
---|---|
|
DN of the token signing certificate. |
|
Indicates whether the virtual user is enabled or not. The default value is |
|
Optional. List of default roles. |
|
Optional. List of attribute names in the token to be used as roles. |
Examples
To disable the virtual user for the specified DN, the actual configuration for the role attributes, role mapping and default roles should not change:
wls:/wls-domain/serverConfig>setWSMTokenIssuerTrustVirtualUser(‘CN=alice’, ‘false’)
To enable the virtual user and set the default role for the DN:
wls:/wls-domain/serverConfig>setWSMTokenIssuerTrustVirtualUser(‘CN=alice’, ‘true’, [‘member’], [])
To enable the virtual user and set the role attribute:
wls:/wls-domain/serverConfig>setWSMTokenIssuerTrustVirtualUser(‘CN=alice’, ‘true’, [], [‘urn:dir:attribute-def:personAffiliation’])
Parent topic: Token Issuer Trust Configuration Commands
deleteWSMTokenIssuerTrustVirtualUser
Note:
This command applies to Oracle Infrastructure web services only.
Command Category: Token Issuer Trust Configuration
Use with WLST: Online/offline
Description
Delete a virtual user associated with a trusted DN from the token issuer trust document.
Syntax
deleteWSMTokenIssuerTrustVirtualUser(dn)
Argument | Definition |
---|---|
|
DN of the token signing certificate. |
Examples
To delete a virtual user associated with a trusted DN from the token issuer trust document:
wls:/wls-domain/serverConfig>deleteWSMTokenIssuerTrustVirtualUser(‘CN=alice’)
Parent topic: Token Issuer Trust Configuration Commands
setWSMTokenIssuerTrustVirtualUserRoleMapping
Note:
This command applies to Oracle Infrastructure web services only.
Command Category: Token Issuer Trust Configuration
Use with WLST: Online/offline
Description
For any DN in the trusted DN list of a trusted token issuer, this command sets the mapping the roles for a virtual user, as specified by the mapping-roles
argument.
Syntax
setWSMTokenIssuerTrustVirtualUserRoleMapping(dn, token-role,[mapping-roles])
Argument | Definition |
---|---|
|
DN of the token signing certificate. |
|
Value of the role attribute. |
|
Optional. List of roles to be mapped to. |
Examples
To add the token role and its mapping values:
wls:/wls-domain/serverConfig>setWSMTokenIssuerTrustVirtualUserRoleMapping (‘CN=alice’, ‘staff’, [‘manager’, ‘executer’])
To delete the token role staff and its mapping values:
wls:/wls-domain/serverConfig>setWSMTokenIssuerTrustVirtualUserRoleMapping("CN=alice","staff")
Parent topic: Token Issuer Trust Configuration Commands
displayWSMTokenIssuerTrustAttributeRule
Note:
This command applies to Oracle Infrastructure web services only.
Command Category: Token Issuer Trust Configuration
Use with WLST: Online/offline
Description
For any DN in the trusted DN list of a trusted token issuer, this command displays the token attribute rule.
Syntax
displayWSMTokenIssuerTrustAttributeRule(dn=None)
Argument | Definition |
---|---|
|
Optional. The identifier of token attribute rule to be displayed. If not set, the list of the token attribute rule will be displayed. The default value is |
Examples
To display the token attribute rule for the specified virtual user:
wls:/wls-domain/serverConfig>displayWSMTokenIssuerTrustAttributeRule(‘CN=alice’)
To display all the DNs for which token attribute rule is set:
wls:/wls-domain/serverConfig>displayWSMTokenIssuerTrustAttributeRule(None)
Parent topic: Token Issuer Trust Configuration Commands
importFederationMetadata
Description
Note:
This command applies to Oracle Infrastructure web services only.Command Category: Token Issuer Trust Configuration
Use with WLST: Online
Import the signing certificate (federation metadata document) and configure the WS-Trust for the Relying Party (RP-STS) in OWSM.
Syntax
importFederationMetadata(federationFile,nameIdAttribute=None,[filterValues=None],userAttribute=None,userMappingAttribute=None)
Arguments | Description |
---|---|
|
Location of the federation metadata file. This can be an Web URL or file system path. |
|
Optional. The name of the attribute to assert in case the name ID maps to non standard attribute. |
|
Optional. List of filter values to be set for the attribute. Each value can be an exact value. |
|
Optional. The name of the local user attribute to the value of the corresponding attribute. |
|
Optional. The name of the local user attribute to be mapped. |
Example 3-1 Examples
In the following example, the federation metadata is imported using URL and attribute rule.
wls:/wls-domain/serverConfig> importFederationMetadata('https://mycompany.com/FederationMetadata/2007-06/Federation.xml',"Unique_name",['filter'],'mail','uid')
In the following example, the federation metadata is imported using the file from the system path.
wls:/wls-domain/serverConfig> importFederationMetadata('/home/ABC/Downloads/FederationMetadata.xml')
Parent topic: Token Issuer Trust Configuration Commands
exportFederationMetadata
Description
Note:
This command applies to Oracle Infrastructure web services only.Command Category: Token Issuer Trust Configuration
Use with WLST: Online
Generates the signed or unsigned federation document for the Identity Provider STS (IP-STS) or Service Provider (SP).
Syntax
exportFederationMetadata(federationFile, metadataType, issuer, signMetadata , [signAliases=None], [encAliases=None])
Arguments | Description |
---|---|
|
Location of the federation metadata file. This can be an Web URL or file system path. |
|
Type of metadata document. For example, IDP or SP |
|
Name of the issuer. For IDP, you must specify the host name. For example: For SP, you must specify the service URL. For example:https: |
|
Optional. The default value is |
|
Optional. List the CSF Keys for the JKS keystore or aliases when the KSS keystore is used. If no argument is provided then the sign key is not added. If an empty array is provided then sign key configured during domain configuration will be used. |
|
Optional. List the CSF Keys for the JKS keystore or aliases when the KSS keystore is used. If no argument is provided then the encryption key is not added. If an empty array is provided then encryption key configured during domain configuration will be used. |
Example 3-2 Examples
In the following example, unsigned federation metadata document is generated for Service provider. Role descriptor does not have an encryption key.
wls:/wls-domain/serverConfig> exportFederationMetadata('/home/ABC/Downloads/FederationMetadata.xml','SP','www.abc.com')
In the following example, signed federation metadata document is generated for Service provider. Role descriptor includes an encryption key configured at the domain level.
wls:/wls-domain/serverConfig> exportFederationMetadata('/home/ABC/Downloads/FederationMetadata.xml','SP','www.abc.com','true',None,[])
In the following example, signed federation metadata document is generated for Identity Provider. Role descriptor includes a signing key configured at the domain level.
wls:/wls-domain/serverConfig> exportFederationMetadata('/home/ABC/Downloads/FederationMetadata.xml','IDP','www.abc.com','true',[],None)
In the following example, signed federation metadata document is generated for Identity Provider and includes the csf-key
for signature.
wls:/wls-domain/serverConfig> exportFederationMetadata('/home/ABC/Downloads/FederationMetadata.xml','IDP','www.abc.com','true',[sign-csf-Key],None)
In the following example, signed federation metadata document is generated for Identity Provider and includes orakey
as the sign alias for encryption.
wls:/wls-domain/serverConfig> exportFederationMetadata('/home/ABC/Downloads/FederationMetadata.xml','IDP','www.abc.com','true',[orakey],None)
Parent topic: Token Issuer Trust Configuration Commands
revokeFederationMetadata
Description
Note:
This command applies to Oracle Infrastructure web services only.Command Category: Token Issuer Trust Configuration
Use with WLST: Online
Removes the signing certificates from OWSM and WS-Trust configuration information from the federation metadata document.
Syntax
revokeFederationMetadata(federationFile)
Arguments | Description |
---|---|
|
Location of the federation metadata file. This can be an Web URL or file system path. |
Example 3-3 Example
In the following example, the federation metadata configuration is removed using the URL rule.
wls:/wls-domain/serverConfig> revokeFederationMetadata('https://mycompany.com/FederationMetadata/2007-06/Federation.xml')
Parent topic: Token Issuer Trust Configuration Commands
setWSMJWKTokenIssuerTrust
Command Category: Token Issuer Trust Configuration
Use with WLST: Online
Description
This command imports the JWK document from a trusted issuer and configures the trust in OWSM.
If type is dns.jwt, it imports the X509 certificate into the configured keystore KSS or JKS and configures the DN trust with the issuer.
If Type is jwk.jwt, it configures the kid level trust for all JWK present inside the JWKSet.
Syntax
setWSMJWKTokenIssuerTrust(type, issuer, jwkFile ,nameIdAttribute=None,[filterValues=None],userAttribute=None,userMappingAttribute=None, refreshInterval=None,tokenIssuerTrust=None, raiseError='true|false')
Argument | Definition |
---|---|
|
Type of trust. Valid values are |
|
Issuer name. |
jwkFile |
JWK file path. This can be web URL or file system path. For example |
nameIdAttribute |
Optional. The name of the attribute to assert in case name-id maps to non standard attribute. |
filterValues |
Optional. List of filter values to be set for the attribute. Each value can be an exact value. |
userAttribute |
Optional. The name of the local user attribute the value of the attribute corresponds to./ |
userMappingAttribute |
Optional. The name of the local user attribute to map to. |
refreshInterval |
Optional . Time interval in milliseconds after which JWK keys will be checked for any update.
Required if type is jwk.jwt. |
tokenIssuerTrust |
Optional. Token issuer trust document to use to configure trust. If trust document is not provided, domain configured token issuer trust will be used. |
raiseError |
Optional. Whether to raise exception or return false in case of known errors. Default value is 'true' .
|
Example
The following example imports JWK configuration from the issuer example.com.
setWSMJWKTokenIssuerTrust("jwk.jwt","www.example.com","/home/jwk.json","Unique_name",["filter"],"mail","uid","5000")
Parent topic: Token Issuer Trust Configuration Commands
revokeWSMJWKTokenIssuerTrust
Command Category: Token Issuer Trust Configuration
Use with WLST: Online
Description
It reverses the trust configuration done in the setWSMJWKTokenIssuerTrust. It also removes any imported certificates.
Syntax
revokeWSMJWKTokenIssuerTrust(type, issuer, tokenIssuerTrust=None, raiseError='true|false')
Argument | Definition |
---|---|
|
Type of trust. Valid values are jwk.jwt or dns.jwt .
|
|
Issuer name. |
tokenIssuerTrust |
Optional. Token issuer trust document to use to revoke trust. If trust document is not provided, domain configured token issuer trust will be used. |
raiseError |
Optional. Whether to raise exception or return false in case of known errors . Default value is 'true' .
|
Example
The following example removes certificates and revokes the trust example.com.
revokeWSMJWKTokenIssuerTrust("jwk.jwt","www.example.com")
Parent topic: Token Issuer Trust Configuration Commands
enableWSMTokenIssuerTrustOneToken
Command Category: Token Issuer Trust Configuration
Use with WLST: Online
Description
Enables or disables 1Paas - 1Token Trust for a given DN and/or Issuer. A token issuer trust document must be selected for modification in the session, before running this command.
Syntax
enableWSMTokenIssuerTrustOneToken(issuer=None, dn=None, enable = 'true')
Argument | Definition |
---|---|
|
Optional. Issuer name. |
dn |
Optional. DN of the token signing certificate. |
enable |
Optional. Enable or disable 1Token trust depending on the argument value of ‘true’ or ‘false’ . Default value is 'true' .
|
Example
enableWSMTokenIssuerTrustOneToken(enable='false') enableWSMTokenIssuerTrustOneToken("www.example.com", "CN=alice", false) enableWSMTokenIssuerTrustOneToken(None, 'CN=weblogic, OU=Examplekey, O=Oracle, C=US', true)
Parent topic: Token Issuer Trust Configuration Commands
enableWSMTokenIssuerTrust
Command Category: Token Issuer Trust Configuration
Use with WLST: Online
Description
Enables or disables trusted issuer and key identifiers in the current Token Issuer Trust document.
Syntax
enableWSMTokenIssuerTrust(type, issuer, enabled, [trustedKeys]=None, [raiseError='true|false'])
Argument | Definition |
---|---|
type |
Type of the issuer or trusted key identifiers list to be set. For example dns.hok or dns.sv .
|
|
Issuer name. |
enabled |
Indicate whether to enable or disable the issuer and key identifiers. |
trustedKeys |
Optional. List of trusted key identifier values to be modified for the issuer. |
raiseError |
Optional. Whether to raise exception or return false in case of known errors . Default value is 'true' .
|
Example
enableWSMTokenIssuerTrust("dns.sv", "www.example.com", false, None) enableWSMTokenIssuerTrust("dns.hok", "www.example.com", true, ["CN=alice","CN=bob"])
Parent topic: Token Issuer Trust Configuration Commands
setWSMTokenIssuerTrustProxy
Command Category: Token Issuer Trust Configuration
Use with WLST: Online
Description
It configures proxy for a issuer, DN or URL.
Syntax
setWSMTokenIssuerTrustProxy(issuer,identifier, proxyHost,proxyPort)
Argument | Definition |
---|---|
|
Issuer name. |
identifier |
Identifier which represents DN or URL. |
proxyHost |
Proxy host. |
proxyPort |
Proxy port. |
Example
The following example sets proxy for the token issuer trust example.com.
setWSMTokenIssuerTrustProxy("www.example.com",None,"www.proxy.com","80")
Parent topic: Token Issuer Trust Configuration Commands
removeWSMTokenIssuerTrustProxy
Command Category: Token Issuer Trust Configuration
Use with WLST: Online
Description
It removes the proxy configured for the token attribute rule identified by issuer and identifier.
Syntax
removeWSMTokenIssuerTrustProxy(issuer,identifier)
Argument | Definition |
---|---|
|
Issuer name. |
identifier |
Identifier which represents DN or URL. |
Example
The following example removes proxy for the token issuer trust example.com.
removeWSMTokenIssuerTrustProxy("www.example.com",None)
Parent topic: Token Issuer Trust Configuration Commands
displayWSMTokenIssuerTrustProxy
Command Category: Token Issuer Trust Configuration
Use with WLST: Online
Description
It displays the proxy configured for the token attribute rule identified by issuer and identifier.
Syntax
displayWSMTokenIssuerTrustProxy(issuer,identifier)
Argument | Definition |
---|---|
|
Issuer name. |
identifier |
Identifier which represents DN or URL. |
Example
The following example displays the proxy configured for the token issuer trust example.com.
displayWSMTokenIssuerTrustProxy("www.example.com",None)
Parent topic: Token Issuer Trust Configuration Commands
importWSMDiscoveryMetadata
Command Category: Token Issuer Trust Configuration
Use with WLST: Online
Description
This command configures the trust in OWSM using open id connect discovery document.
Syntax
importWSMDiscoveryMetadata(type , issuer, path=None, idcsClientCsfKey=None, jwkAccessToken=None, nameIdAttribute=None,[filterValues=None],userAttribute=None,userMappingAttribute=None, refreshInterval=None, tokenIssuerTrust=None)
Argument | Definition |
---|---|
|
The type can be:
|
|
The name of the trusted issuer, for example
|
path |
Optional. The exact path of the metadata document could be file or web URL . If issuer parameter is provided then this parameter will not be considered.
For Example :
https://example.com/.well-known/idcs-configuration https://example.com/.well-known/openid-configuration /home/discovery.json |
idcsClientCsfKey |
Optional. IDCS client csf key containing client id and secret. This is required to generate access token to fetch JWK document since its not a public URL. |
jwkAccessToken |
Optional. Access token to fetch jwk keys from the jwk URI when using WLST only. This is required in case of Identity Cloud Service.. |
nameIdAttribute |
Optional. The name of the attribute to assert, in case name-id maps to non standard attribute. |
filterValues |
Optional. List of filter values to be set for the attribute. Each value can be an exact value. |
userAttribute |
Optional. The name of the local user attribute which corresponds to the value of the attribute . |
userMappingAttribute |
Optional. The name of the local user attribute to map. |
refreshInterval |
Optional . The time interval after which keys will be refreshed. |
tokenIssuerTrust |
Optional . Token issuer trust document to use to configure trust. If trust document is not provided, Domain configured token issuer trust will be used. |
Example
The following example imports WSMDiscoveryMetadata from the issuer example.com.
importWSMDiscoveryMetadata("jwk.jwt","https://example.com") importWSMDiscoveryMetadata("dns.jwt","www.example.com",None,None,None,"Unique_name",["filter"],"mail","uid","5000")
Parent topic: Token Issuer Trust Configuration Commands
revokeWSMDiscoveryMetadata
Command Category: Token Issuer Trust Configuration
Use with WLST: Online
Description
It reverse the trust configuration done using importWSMDiscoveryMetadata. It also removes any imported certificates.
Syntax
revokeWSMDiscoveryMetadata(type, issuer, path=None, tokenIssuerTrust=None)
Argument | Definition |
---|---|
|
Type of trust:
|
|
Issuer name. |
path |
Optional. The exact path of the metadata document could be file or web URL . If issuer parameter is provided then this parameter will not be considered.
For Example :
https://example.com/.well-known/idcs-configuration https://example.com/.well-known/openid-configuration /home/discovery.json |
tokenIssuerTrust |
Optional. Token issuer trust document is used to configure trust. If trust document is not provided, Domain configured token issuer trust will be used. |
Example
The following example shows the revokeWSMDiscoveryMetadata command.
revokeWSMDiscoveryMetadata("jwk.jwt","https://example.com") revokeWSMDiscoveryMetadata("jwk.jwt",None,"https://www.example.com/.well-known/openid-configuration")
Parent topic: Token Issuer Trust Configuration Commands
addWSMTokenIssuerTrustRP
Command Category: Token Issuer Trust Configuration
Use with WLST: Online
Description
This command adds or deletes trusted relying party.
Syntax
addWSMTokenIssuerTrustRP(type, issuer, [clients=None],raiseError='true|false')
Argument | Definition |
---|---|
|
Type of relying party. The type can be:
|
|
The name of the trusted issuer. |
clients |
Optional. The array of clients to be added as trusted relying party.
If the client is None or not provided, then all the relying party for the given type will be deleted. |
raiseError |
Optional. Whether to raise exception or return false in case of known errors . Default value is 'true'. |
Examples
The following examples adds trusted relying party:
addWSMTokenIssuerTrustRP("csf.key.jwt","www.example.com",["rp-csf-key1","rp-csf-key2"]) addWSMTokenIssuerTrustRP("csf.key.jwt","www.example.com") addWSMTokenIssuerTrustRP("literal.jwt","www.example.com",["client"])
Parent topic: Token Issuer Trust Configuration Commands
displayWSMTokenIssuerTrustRP
Command Category: Token Issuer Trust Configuration
Use with WLST: Online
Description
This command displays trusted relying party for a given type.
Syntax
displayWSMTokenIssuerTrustRP(type, issuer=None,raiseError='true|false')
Argument | Definition |
---|---|
|
Type of relying party. The type can be:
|
|
Optional. The name of the trusted issuer. If issuer is not provided then all the relying of give type for all the issuers will be displayed. If issuer is provided then only relying party of the given issuer will be displayed. |
|
Optional. Whether to raise exception or return false in case of known errors . Default value is |
Examples
The following examples displays trusted relying party for a given type:
displayWSMTokenIssuerTrustRP("csf.key.jwt","www.example.com") displayWSMTokenIssuerTrustRP("csf.key.jwt") displayWSMTokenIssuerTrustRP("literal.jwt","www.example.com")
Parent topic: Token Issuer Trust Configuration Commands
Secure Conversation Session Management Commands
As described in "WS-SecureConversation Architecture", OWSM maintains the client and server secure conversation session information based on a computed Session ID. OWSM (via an internal session mechanism) computes the Session ID at runtime for each message, and associates one or more requests to a session.
Session management commands provide a way for you to release resources on the server when you know that a given client no longer requires the session.
A session is re-used for all requests coming from the same client. In the event a session has been removed manually, a new session is created. If a session is not released manually, it is released the next time that the server hosting the JVM is restarted.
Use the WLST commands listed in Table 3-13 to administer sessions.
For additional information about using these commands, see "Managing Secure Conversation Sessions" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
Table 3-13 Secure Conversation Session Management Commands
Use this command... | To... | Use with WLST... |
---|---|---|
Display details about the specified active session. |
Online |
|
List sessions that are currently active for the Session Manager. |
Online |
|
List sessions that are active for the Session Manager for a specified key-value pair. |
Online |
|
Remove an active session to clear the sessions in a store. |
Online |
- getWebServiceSessionInfo
- listWebServiceSessionNames
- listWebServiceSessionNamesForKey
- removeWebServiceSession
Parent topic: Web Services Custom WLST Commands
getWebServiceSessionInfo
Command Category: Secure Conversation Session Management
Use with WLST: Online
Description
Gets the specified Session object. sessionName
is returned by listWebServiceSessionNames()
.
The returned session names are appropriate for use as the name parameter in subsequent calls to getWebServiceSessionInfo(String)
and removeWebServiceSession(String)
commands.
All of the WebLogic Server instances within a domain must be running in order for this command to succeed. The scope of the session is the current Persistence provider.
For additional information about using these commands, see "Managing Secure Conversation Sessions" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
Syntax
getWebServiceSessionInfo ("sessionName")
Arguments | Definition |
---|---|
|
Name of the active session for which information is displayed. |
Examples
In the following example, information about the session named 215d0d4a5ebbc3fec662f46adedc5bc74ecbc87b
is returned.
wls:/base_domain/serverConfig>
getWebServiceSessionInfo('215d0d4a5ebbc3fec662f46adedc5bc74ecbc87b'
)
Name: 215d0d4a5ebbc3fec662f46adedc5bc74ecbc87b
Creation time: Mon Nov 04 17:47:39 PST 2013
Last update time: Mon Nov 04 17:47:42 PST 2013
Expiration time: Mon Nov 04 18:17:41 PST 2013
Key info: [oracle.wsm.security.secconv.util.property.SCT, 0x0000014225F1A1260AE4F30351FD1544DC10ED14201988C8CFEDFDBE8E0E4B09]
Parent topic: Secure Conversation Session Management Commands
listWebServiceSessionNames
Command Category: Secure Conversation Session Management
Use with WLST: Online
Description
Lists the names of all active sessions visible within the domain for the current Persistence provider. The returned list is a snapshot of the visible session instances and is subject to change.
The returned names are appropriate for use as the name parameter in subsequent calls to getWebServiceSessionInfo()
and removeWebServiceSession()
commands.
All of the WebLogic Server instances within a domain must be running in order for this command to succeed. The scope of the session is the current Persistence provider.
For additional information about using these commands, see "Managing Secure Conversation Sessions" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
Syntax
listWebServiceSessionNames()
Examples
In the following example, there is one active session.
wls:/base_domain/serverConfig> listWebServiceSessionNames()
215d0d4a5ebbc3fec662f46adedc5bc74ecbc87b
Parent topic: Secure Conversation Session Management Commands
listWebServiceSessionNamesForKey
Command Category: Secure Conversation Session Management
Use with WLST: Online
Description
Lists the names of all sessions that have the name keyName
and the value keyValue
. keyName
and keyValue
are returned by getWebServiceSessionInfo()
.
The returned session names are appropriate for use as the name parameter in subsequent calls to getWebServiceSessionInfo(String)
and removeWebServiceSession(String)
commands.
All of the WebLogic Server instances within a domain must be running in order for this command to succeed. The scope of the session is the current Persistence provider.
For additional information about using these commands, see "Managing Secure Conversation Sessions" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
Syntax
listWebServiceSessionNamesForKey ("keyName", "keyValue")
Arguments | Definition |
---|---|
|
A string that specifies the key name for which to list the session names. |
|
A string that specifies the key value for which to list the session names. |
Examples
In the following example, there is one active session for the key name oracle.wsm.security.secconv.util.property.SCT
that has a value of 0x0000014225F1A1260AE4F30351FD1544DC10ED14201988C8CFEDFDBE8E0E4B09
.
wls:/base_domain/serverConfig>listWebServiceSessionNamesForKey('oracle.wsm.security.secconv.util.property.SCT',
'0x0000014225F1A1260AE4F30351FD1544DC10ED14201988C8CFEDFDBE8E0E4B09')
215d0d4a5ebbc3fec662f46adedc5bc74ecbc87b
Parent topic: Secure Conversation Session Management Commands
removeWebServiceSession
Command Category: Secure Conversation Session Management
Use with WLST: Online
Description
Remove a Session object by giving its name. sessionName
is returned by listWebServiceSessionNames()
.
All of the WebLogic Server instances within a domain must be running in order for this command to succeed. The scope of the session is the current Persistence provider.
For additional information about using these commands, see "Managing Secure Conversation Sessions" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
Syntax
removeWebServiceSession ("sessionName")
Arguments | Definition |
---|---|
|
Name of the active session to remove. |
Examples
In the following example, the session named 215d0d4a5ebbc3fec662f46adedc5bc74ecbc87b
is removed.
wls:/base_domain/serverConfig>
removeWebServiceSession('215d0d4a5ebbc3fec662f46adedc5bc74ecbc87b'
)
Parent topic: Secure Conversation Session Management Commands
JKS Keystore Configuration Commands
Use the WLST commands listed in Table 3-14 to view and manage JKS keystore credentials and certificates.
Note:
The commands in this section apply to Oracle Infrastructure Web Services only.
To view the help for the WLST commands described in this section, connect to a running instance of the server and enter help('wsmManage')
.
You must use the OPSS keystore commands if the keystore is KSS. You can view the relevant commands using following command syntax:
svc = getOpssService(name='KeyStoreService')
svc.help()
Table 3-14 JKS Keystore Configuration Commands
Use this command... | To... | Use with WLST... |
---|---|---|
Delete a single |
Online |
|
Delete all |
Online |
|
Displays the string representing the contents of a user's certificate if the alias specifies a |
Online |
|
Export a trusted certificate or a certificate chain associated with a private key, indicated by a specified alias, to a specified location. |
Online |
|
Import a trusted certificate or a certificate chain associated with a private key, indicated by the specified alias. The Base64 encoded certificate will be imported from the specified location. |
Online |
|
List all the aliases in the keystore. |
Online |
- deleteWSMKeyStoreEntry
- deleteWSMKeyStoreEntries
- displayWSMCertificate
- exportWSMCertificate
- importWSMCertificate
- listWSMKeystoreAliases
Parent topic: Web Services Custom WLST Commands
deleteWSMKeyStoreEntry
Note:
This command applies to Oracle Infrastructure Web services only.
Command Category: JKS Keystore Management
Use with WLST: Online/offline
Description
Delete a single KeyStore.TrustedCertificateEntry
entry from the keystore. You cannot delete the keyStore.PrivateKeyEntry
.
Syntax
deleteWSMKeyStoreEntry(alias, [raiseError='true|false'])
Arguments | Description |
---|---|
|
Alias of the certificate to be deleted. |
|
Optional. When set to |
Examples
In this example, the alias for a key store entry, testalias1
, is deleted from the keystore.
wls:/base_domain/serverConfig> deleteWSMKeyStoreEntry('testalias') Starting Operation deleteWSMKeyStoreEntry ... Certificate for alias "testalias" successfully deleted.
Parent topic: JKS Keystore Configuration Commands
deleteWSMKeyStoreEntries
Note:
This command applies to Oracle Infrastructure Web services only.
Command Category: JKS Keystore Management
Use with WLST: Online/offline
Description
Delete all KeyStore.TrustedCertificateEntry
entries from the keystore except those identified by the aliases in the exclusion list. If no argument is passed then all the KeyStore.TrustedCertificateEntry
entries will be deleted.
Syntax
deleteWSMKeyStoreEntries(exclusionList=None, [raiseError='true|false'])
Arguments | Description |
---|---|
|
Optional. List of aliases for the certificate that should not be deleted. |
|
Optional. When set to |
Examples
In this example, all key store entries are deleted from the keystore, except for the testalias
and testalias2
aliases, which are specified on the exclusion list:
wls:/base_domain/serverConfig> deleteWSMKeyStoreEntries(['testalias', 'testalias2']) Starting Operation deleteWSMKeyStoreEntries ... Certificate(s) deleted successfully.
In this example, all key store entries are deleted from the keystore:
wls:/base_domain/serverConfig> deleteWSMKeyStoreEntries()
Parent topic: JKS Keystore Configuration Commands
displayWSMCertificate
Displays the string representing the contents of a user's certificate if the alias specifies a KeyStore.TrustedCertificateEntry
. Displays the certificates in the chain if the alias points to a certificate chain specified by a KeyStore.PrivateKeyEntry
.
Note:
This command applies to Oracle Infrastructure Web services only.
Command Category: JKS Keystore Management
Use with WLST: Online/offline
Description
Syntax
displayWSMCertificate(alias, [raiseError='true|false'])
Arguments | Description |
---|---|
|
Alias of the certificate/certificate chain to be displayed. |
|
Optional. When set to |
Examples
In this example, the contents of the orakey
trusted certificate is displayed.
wls:/base_domain/serverConfig>displayWSMCertificate('orakey') Starting Operation displayWSMCertificate ... [ Version: V3 Subject: CN=OWSM QA, OU=Fusion Middleware, O=Oracle, L=Redwood City, ST=CA, C=US Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5 Key: Sun RSA public key, 1024 bits modulus: 101336654071087305620295721341875459581727184852017960998615641847764412775989 046768838406911494435712364431883104460420101263455337490958825568587912620074 497379158835791101805994438262634259467352941329678718608662643461089403600239 418798937444529854556507844518713085827283731161032187719240566731105687269 public exponent: 65537 Validity: [From: Tue Apr 07 15:04:45 PDT 2009, To: Thu Feb 14 14:04:45 PST 2019] Issuer: CN=OWSM QA, OU=Fusion Middleware, O=Oracle, L=Redwood City, ST=CA, C=US SerialNumber: [ 49dbcdfd] ] Algorithm: [SHA1withRSA] Signature: 0000: 69 29 71 5D 97 1C 28 07 F1 5E 6A AA 49 A7 F7 31 i)q]..(..^j.I..1 0010: F2 B6 91 91 A1 7E D3 F9 1A C6 58 38 85 00 BA 49 ..........X8...I 0020: 21 69 E0 06 8D 9F BF 7B C4 8C 83 95 69 4A 49 EB !i..........iJI. 0030: 70 D8 7E A9 75 0D 8C C5 7C 9B 14 AB 93 76 A9 35 p...u........v.5 0040: 56 21 71 77 8D 2A AB 1C CA 81 E0 15 36 4E 81 0A V!qw.*......6N.. 0050: 55 8F D4 5E 1C D0 BF 12 A3 44 8E 65 18 D9 4C E6 U..^.....D.e..L. 0060: 4C 5E 14 4A 7F DF CD 51 59 43 02 41 67 B0 EA 3E L^.J...QYC.Ag..> 0070: 58 F4 38 50 3B 2D A3 81 08 8A 84 4C 4B E0 8B 3E X.8P;-.....LK..>
Parent topic: JKS Keystore Configuration Commands
exportWSMCertificate
Note:
This command applies to Oracle Infrastructure Web services only.
Command Category: JKS Keystore Management
Use with WLST: Online/offline
Description
Export a trusted certificate or a certificate chain associated with a private key indicated by the specified alias. The certificate will be exported to the specified location.
-
If the
type
argument isCertificate
:-
If the
alias
is pointing toKeyStore.TrustedCertificateEntry
, it will return the trusted certificate associated with the entry. -
If the
alias
is pointing toKeyStore.PrivateKeyEntry
, it will return the first certificate in the certificate chain. -
If the
alias
does not point to eitherKeyStore.TrustedCertificateEntry
orKeyStore.PrivateKeyEntry
, it will return an error message.
-
-
If the
type
argument isPKCS7
:-
If the
alias
is pointing to aKeyStore.PrivateKeyEntry
, it will return the certificate chain associated with the entry in PKCS7 format. -
If the
alias
does not point toKeyStore.PrivateKeyEntry
, it will return an error message.
-
-
If the
type
argument is set to an invalid value, an error message is returned.
Syntax
exportWSMCertificate(alias, certFile, type, [raiseError='true|false'])
Arguments | Description |
---|---|
|
Alias of the certificate to be exported. |
|
Location of the file where the exported certificate will be stored. |
|
Type of keystore entry to be exported. Valid values are:
|
|
Optional. When set to |
Examples
In this example, the trusted certificate testalias
is identified by type as Certificate
and is exported to the specified certificate.cer
file:
wls:/base_domain/serverConfig> exportWSMCertificate('testalias','/tmp/certificate.cer','Certificate') Starting Operation exportWSMCertificate ... Certificate for alias "testalias" successfully exported.
In this example, the certificate chain testalias2
is identified by type as PKCS7
and is exported to the specified certificatechain.p7b
file:
wls:/base_domain/serverConfig> exportWSMCertificate('testalias2','/tmp/certificatechain.p7b','PKCS7')
Parent topic: JKS Keystore Configuration Commands
importWSMCertificate
Note:
This command applies to Oracle Infrastructure Web services only.
Command Category: JKS Keystore Management
Use with WLST: Online/offline
Description
Import a trusted certificate or a certificate chain associated with a private key indicated by the specified alias. The Base64 encoded certificate will be imported from the specified location.
Syntax
importWSMCertificate(alias, certFile, type, password=None, [raiseError='true|false'])
Arguments | Description |
---|---|
|
Alias of the certificate to be imported. |
|
Location of the file from which the Base64 encoded certificate will be imported. |
|
Type of keystore entry to be imported. Valid values are:
|
|
Optional. Password associated with the private key. |
|
Optional. When set to |
Examples
In this example, the trusted certificate testalias
is identified by type as Certificate
and is imported from the specifiedcertificate.cer
file:
wls:/base_domain/serverConfig> importWSMCertificate('testalias','/tmp/certificate.cer','Certificate') Starting Operation importWSMCertificate ... Certificate for alias "testalias" successfully imported.
In this example, the password-protected certificate chain testalias
is identified by type as PKCS7
and is imported from the specified certificatechain.p7b
file:
wls:/base_domain/serverConfig> importWSMCertificate('testalias','/tmp/certificatechain.p7b','PKCS7',password='privatekeypassword')
In this example, the certificate chain testalias
is identified by type as PKCS7
and is imported from the specified certificatechain.p7b
file:
wls:/base_domain/serverConfig> importWSMCertificate('testalias','/tmp/certificatechain.p7b','PKCS7')
Parent topic: JKS Keystore Configuration Commands
listWSMKeystoreAliases
Note:
This command applies to Oracle Infrastructure Web services only.
Command Category: JKS Keystore Management
Use with WLST: Online/offline
Description
List all the aliases in the keystore.
Syntax
listWSMKeystoreAliases([raiseError='true|false'])
raiseError
- Optional. When set to true
, it raises exception in case of known errors. When set to false
, it returns a boolean false value in case of known errors. By default, it's set to true
.
Examples
In this example, all the aliases in the keystore are listed.
wls:/base_domain/serverConfig>listWSMKeystoreAliases() Starting Operation listWSMKeystoreAliases ... testalias orakey testalias2
Parent topic: JKS Keystore Configuration Commands