- In addition to attaching policies directly to endpoints, you can create policy sets that allow you to attach policies globally to a range of endpoints of the same type, regardless of the deployment state. You can create and manage policy sets using both Fusion Middleware Control and the WebLogic Scripting Tool, WLST.
- Attaching policies globally using policy sets allows an administrator to ensure that all subjects are secured in situations where the developer, assembler, or deployer did not explicitly specify the policies to be attached.
- Policies attached globally using policy sets also provide the following:
- Override the policies
- Specify run time constraint
- Policy subjects to which policy sets can be attached include SOA components, SOA service endpoints, SOA references, Web services endpoints, Web service clients, Web service connections, and asynchronous callback clients. Policy sets can be attached at the following scopes:
- Domain — all policy subjects of the specified type in a domain
- Server instance—all policy subjects of the specified type in a server instance
- Application or Partition—all policy subjects of the specified type in an application or SOA partition
- Application module or SOA composite—all policy subjects of the specified type in an application module or SOA composite
- Service or reference—all policy subjects of the specified type in a SOA service or reference
- Port or component—all policy subjects of the specified type in a port or SOA component
CREATING A POLICY SET USINg WLST
CreatePolicySet.py
import os
propInputStream = FileInputStream("PolicySets.properties")
configProps = Properties()
configProps.load(propInputStream)
connect(configProps.get("userName"),configProps.get("passWord"),'t3://'+configProps.get("wlsHost")+':'+configProps.get("adminServerListenPort"))
splits=String(configProps.get("policysets_to_be_created")).split(",")
for dsIndex in splits:
beginRepositorySession()
#Variable Definitions
policySetName=configProps.get("policySetName_"+ str(dsIndex))
policySetType=configProps.get("policySetType_"+ str(dsIndex))
policySetAttachTo=configProps.get("policySetAttachTo_"+ str(dsIndex))
policySetDescription=configProps.get("policySetDescription_"+ str(dsIndex))
policySetEnabled=configProps.get("policySetEnabled_"+ str(dsIndex))
policySetUrl=configProps.get("policySetUrl_"+ str(dsIndex))
print "Creating Policy Sets for System Resource Name:"+policySetName + ", Policy Set Type:" + policySetType +" Attached To: "+ policySetAttachTo + " , Description:" + policySetDescription + ", Enabled true or false: "+ policySetEnabled
createPolicySet(policySetName,policySetType,policySetAttachTo,description=policySetDescription,enable=policySetEnabled)
print "Attaching Policy Sets"
attachPolicySetPolicy(policySetUrl)
print "Commiting Session"
commitRepositorySession()
PolicySets.properties
userName=username
passWord=password
wlsHost=localhost
domainDir=domainDir
adminServerListenPort=7001
#Total Number of Data Sources
policysets_to_be_created=1
#Properties for the first PolicySets
policySetName_1=TestWSClientPolicySet
policySetType_1=sca-reference
policySetAttachTo_1=Domain("domain") and Server("server1") and Composite("*CBP*")
policySetDescription_1=Global policy attachments for SOA Reference resources.
policySetEnabled_1=true
policySetUrl_1=oracle/wss10_saml_token_client_policy_OPT_ON