Saturday, May 12, 2012

Oracle Fusion Middleware Security for Web Services 11g Release 1 (11.1.1.6) Policy Sets using WLST

Policy sets provide a means to attach policies globally to a range of endpoints of the same type. 


  • In addition to attaching policies directly to endpoints, you can create policy sets that allow you to attach policies globally to a range of endpoints of the same type, regardless of the deployment state. You can create and manage policy sets using both Fusion Middleware Control and the WebLogic Scripting Tool, WLST. 
  • Attaching policies globally using policy sets allows an administrator to ensure that all subjects are secured in situations where the developer, assembler, or deployer did not explicitly specify the policies to be attached.
  • Policies attached globally using policy sets also let you:
    • Override policies
    • Specify a run-time constraint
  • Policy subjects to which policy sets can be attached include SOA components, SOA service endpoints, SOA references, Web services endpoints, Web service clients, Web service connections, and asynchronous callback clients. Policy sets can be attached at the following scopes:
    • Domain — all policy subjects of the specified type in a domain
    • Server instance—all policy subjects of the specified type in a server instance
    • Application or Partition—all policy subjects of the specified type in an application or SOA partition
    • Application module or SOA composite—all policy subjects of the specified type in an application module or SOA composite
    • Service or reference—all policy subjects of the specified type in a SOA service or reference
    • Port or component—all policy subjects of the specified type in a port or SOA component

    CREATING A POLICY SET USING WLST

    CreatePolicySet.py


    # Java classes used below must be imported explicitly in a WLST (Jython) script
    from java.io import FileInputStream
    from java.lang import String
    from java.util import Properties

    # Load connection settings and policy set definitions.
    # The file holds the admin password in clear text, so restrict read access to it.
    propInputStream = FileInputStream("PolicySets.properties")
    configProps = Properties()
    configProps.load(propInputStream)
    propInputStream.close()
    # Connect to the Administration Server
    connect(configProps.get("userName"),configProps.get("passWord"),'t3://'+configProps.get("wlsHost")+':'+configProps.get("adminServerListenPort"))
    # policysets_to_be_created is a comma-separated list of property suffixes (1,2,...)
    splits=String(configProps.get("policysets_to_be_created")).split(",")
    for dsIndex in splits:
        # Each policy set is created and committed in its own repository session
        beginRepositorySession()
        #Variable Definitions
        policySetName=configProps.get("policySetName_"+ str(dsIndex))
        policySetType=configProps.get("policySetType_"+ str(dsIndex))
        policySetAttachTo=configProps.get("policySetAttachTo_"+ str(dsIndex))
        policySetDescription=configProps.get("policySetDescription_"+ str(dsIndex))
        policySetEnabled=configProps.get("policySetEnabled_"+ str(dsIndex))
        policySetUrl=configProps.get("policySetUrl_"+ str(dsIndex))

        print "Creating Policy Sets for System Resource Name:"+policySetName + ", Policy Set Type:" + policySetType +" Attached To: "+ policySetAttachTo + " , Description:" + policySetDescription + ", Enabled true or false: "+ policySetEnabled
        # Create the policy set in the session, then attach the policy to it
        createPolicySet(policySetName,policySetType,policySetAttachTo,description=policySetDescription,enable=policySetEnabled)
        print "Attaching Policy Sets"
        attachPolicySetPolicy(policySetUrl)
        print "Committing Session"
        # Write the session contents to the repository
        commitRepositorySession()

    PolicySets.properties

    userName=username
    passWord=password
    wlsHost=localhost
    domainDir=domainDir
    adminServerListenPort=7001
    #Comma-separated list of policy set indexes to create (for example 1,2)
    policysets_to_be_created=1
    #Properties for the first policy set
    policySetName_1=TestWSClientPolicySet
    policySetType_1=sca-reference
    policySetAttachTo_1=Domain("domain") and Server("server1") and Composite("*CBP*")
    policySetDescription_1=Global policy attachments for SOA Reference resources.
    policySetEnabled_1=true
    policySetUrl_1=oracle/wss10_saml_token_client_policy_OPT_ON
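
A pre-flight check for PolicySets.properties, added here as an example (it is not part of the original post or of Oracle's tooling): it validates every policy set definition before CreatePolicySet.py opens a repository session. It is plain Python rather than WLST so it can run anywhere; the function names, the accepted type and scope names, and the `_client_policy` / `_service_policy` naming check are assumptions, and the sample file is constructed.

```python
import re
# Constructed sample in the page's PolicySets.properties layout; set 2 is deliberately wrong.
SAMPLE = '''\
policysets_to_be_created=1,2
policySetName_1=TestWSClientPolicySet
policySetType_1=sca-reference
policySetAttachTo_1=Domain("domain") and Server("server1") and Composite("*CBP*")
policySetDescription_1=Global policy attachments for SOA Reference resources.
policySetEnabled_1=true
policySetUrl_1=oracle/wss10_saml_token_client_policy_OPT_ON
policySetName_2=BrokenSet
policySetType_2=sca-service
policySetAttachTo_2=Domain("domain") and Composit("x")
policySetEnabled_2=yes
policySetUrl_2=oracle/wss10_saml_token_client_policy_OPT_ON
'''
# Assumed (not on the page): createPolicySet type and scope names, and the
# _client_policy / _service_policy suffixes of Oracle's predefined policies.
CLIENT_TYPES = {"sca-reference", "ws-client", "ws-connection", "ws-callback"}
TYPES = CLIENT_TYPES | {"sca-component", "sca-service", "ws-service"}
SCOPES = "Domain|Server|Application|Partition|Module|Composite|Service|Reference|Port|Component"
FIELDS = ("Name", "Type", "AttachTo", "Description", "Enabled", "Url")
TERM = re.compile(r'(%s)\("[^"]+"\)' % SCOPES)

def load_props(text):
    """Parse key=value lines, skipping blanks and # comments."""
    rows = (l.split("=", 1) for l in text.splitlines()
            if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in rows}

def validate(props):
    """Return (index, problem) tuples; an empty list means the file is consistent."""
    out = []
    for idx in props.get("policysets_to_be_created", "").split(","):
        v = {f: props.get("policySet%s_%s" % (f, idx), "") for f in FIELDS}
        out += [(idx, "missing policySet" + f) for f in FIELDS if not v[f]]
        if v["Type"] and v["Type"] not in TYPES:
            out.append((idx, "unknown type"))
        if v["Enabled"] and v["Enabled"] not in ("true", "false"):
            out.append((idx, "enabled must be true or false"))
        wrong = "_service_policy" if v["Type"] in CLIENT_TYPES else "_client_policy"
        if v["Type"] and wrong in v["Url"]:
            out.append((idx, "policy does not match subject type"))
        for term in filter(None, re.split(r"\s+and\s+", v["AttachTo"])):
            if not TERM.fullmatch(term):
                out.append((idx, "bad scope term " + term))
    return out

if __name__ == "__main__":
    print(validate(load_props(SAMPLE)))
```

Catching a misspelled scope function or a client policy on a service subject here avoids a half-built repository session that then has to be cleaned up by hand.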

