9-8 Oracle Fusion Middleware Security and Administrators Guide for Web Services must be performed in the context of a session. A session can only act on a single document. For example: wls:jrfserver_domainserverConfig beginRepositorySession Repository session begun. 3. Use the createPolicySet command to create a new, empty policy set. The name, type, and attachTo arguments are required. createPolicySetname, type, attachTo, [description=None], [enable=true] Where: ■ name represents the name of the new, empty policy set. ■ type represents the type of policy subject to which the new policy set applies. ■ attachTo represents the scope of resources to which the policy set will be attached. This argument must use a supported expression that defines a valid resource scope in a supported format. For more information, see Defining the Type and Scope of Resources on page 9-19. You do not need to enter the exact domain name for the resource scope. Wildcards are permitted, as shown in the example. For details, see Defining the Type and Scope of Resources on page 9-19. ■ description represents an optional argument that provides a description of the policy set. ■ enable specifies if the policy set is enabled or disabled. This argument is optional. For example, to create a policy set for all services in a domain using only the required arguments: wls:jrfserver_domainserverConfig createPolicySetall-domains-default-web-service-policies, ws-service, Domain Description defaulted to Global policy attachments for Web Service Endpoint resources. The policy set was created successfully in the session. Note that because no description was specified on the command line, a default description was provided. For additional details about the arguments for this command, see Web Services Custom WLST Commands in WebLogic Scripting Tool Command Reference. 4. Specify a description using the setPolicySetDescription command. setPolicySetDescriptiondescription For example, to set the description as Default policies for web services in any domain, use the following command: wls:jrfserver_domainserverConfig setPolicySetDescriptionDefault policies for web services in any domain Description updated. Creating and Managing Policy Sets 9-9 5. To attach a policy to the current policy set, use the attachPolicySetPolicy command. The policy, identified by the specified URI using the uri argument, is attached to the endpoints specified in the policy set. You can repeat this command as needed to attach all the desired policies to the policy set. attachPolicySetPolicyuri For example, to attach the policy oraclewss11_saml_or_username_token_with_ message_protection_service_policy to the subjects specified in the policy set, enter the following command: wls:jrfserver_domainserverConfigattachPolicySetPolicyoraclewss11_saml_or_ username_token_with_message_protection_service_policy Policy reference added. 6. To display the configuration of the policy set during the current repository session, use the displayPolicySet command. displayPolicySetname=None Note that when you execute this command within a repository session, you do not need to specify the name argument. The current policy set is used by default. If the policy set is being modified, then the modified version is displayed. Otherwise, the latest version in the repository is displayed. For example: wls:jrfserver_domainserverConfigdisplayPolicySet Policy Set Details: ------------------- Name: all-domains-default-web-service-policies Type of Resources: Web Service Endpoint Scope of Resources: Domain Description: Default policies for web services in any domain Enabled: true Policy Reference: security : oraclewss11_saml_or_username_token_with_ message_protection_service_policy, enabled=true 7. To validate the policy set, use the validatePolicySet command. validatePolicySetname=None If a name is not provided, then the command validates the policy set being created or modified in the current session. Note that you can also execute this command outside of a repository session. If you do so, the name argument is required. For example: wls:jrfserver_domainserverConfig validatePolicySet The policy set all-domains-default-web-service-policies is valid. 8. To write the contents of the current repository session to the repository, use the commitRepositorySession command. wls:jrfserver_domainserverConfig commitRepositorySession The policy set all-domains-default-web-service-policies is valid. Creating policy set all-domains-default-web-service-policies in repository.