9-18 Oracle Fusion Middleware Security and Administrators Guide for Web Services deletePolicySet name For example: wls:jrfServer_domainserverConfig deletePolicySetapp-only-web-service-policies The policy set was deleted successfully in the session. 5. To write the contents of the current repository session to the repository, use the commitRepositorySession command. wls:jrfServer_domainserverConfig commitRepositorySession Deleting policy set app-only-web-service-policies from repository. Repository session committed successfully. Alternately, you can choose to cancel any changes by using the abortRepositorySession command, which discards any changes that were made to the repository during the session. For more information about the WLST commands and their arguments, see Web Services Custom WLST Commands in WebLogic Scripting Tool Command Reference. Migrating Direct Policy Attachments to Global Policy Attachments You can use the migrateAttachments WLST command to migrate direct local policy attachments to external global policy attachments if they are identical. Migrating identical policy attachments improves manageability by reducing the number of physical attachments that need to be maintained. A direct policy attachment is identical if its URI is the same as one provided by a global policy attachment, and if it does not have any configuration overrides. You cannot migrate the following: ■ Programmatic policy attachments. ■ Direct or global policy attachments to SOA components To migrate policy attachments: 1. Connect to the running instance of WebLogic Server as described in Accessing the Web Services Custom WLST Commands on page 1-6. 2. Migrate the attachments using the migrateAttachments command. You can specify whether to force the migration force, prompt for confirmation before each migration prompt, or simply list the migrations that would occur preview. If no mode is specified, the default is prompt. migrateAttachmentsmode=None For example, to prompt, by default, for confirmation of each potential attachment migration, enter the following command. Note in the output that there are Notes: A direct attachment with an unscoped override will be migrated but an attachment with a scoped override will not. This is because after running the migrateAttachments command, the enforcement of the policies on all subjects remains the same, even though some policies are globally attached. Creating and Managing Policy Sets 9-19 identical global and direct policy attachments for the jaxws-sut application that can be migrated. wls:jrfServer_domainserverConfig migrateAttachments ------------------------------------------------------------------------------- - Application Path: jrfServer_domainjrfServerjaxws-sut-no-policy Web Service Name: TestService Module Type: web Module Name: jaxws-service Port: TestPort ------------------------------------------------------------------------------- - Application Path: jrfServer_domainjrfServerjaxws-sut Web Service Name: TestService Module Type: web Module Name: jaxws-sut-service Port: TestPort Policy Reference: management : oraclelog_policy, enabled=true security : oraclewss_username_token_service_policy, enabled=true global policysetsglobalmigrate_example : oraclewss_ username_token_service_policy Migrate oraclewss_username_token_service_policy yesnocancel? yes oraclewss_username_token_service_policy was migrated successfully. For more information about the arguments for this command, see Web Services Custom WLST Commands in WebLogic Scripting Tool Command Reference. Defining the Type and Scope of Resources The resource scope for a policy set describes a collection of related resources, from the domain-level down to the application module-level or SOA composite-level, that are running in the same enterprise topology nodes based on the node’s names. To attach policies globally across a set of resources, you must specify the type of policy subjects to which the policy set applies and the scope of resources within the topology of the enterprise. Resource Type In Fusion Middleware Control, you select the resource type from a menu when you are creating a policy set. When you create a policy set using WLST, you must use specific abbreviations for these resource types. Table 9–1 lists the type of resources that you select in EM, the abbreviations that are required in WLST, and the resource scopes that are valid for each resource type. Table 9–1 Policy Subject Resource Types Fusion Middleware Control WLST Valid Resource Scope SOA Component sca-component ■ Domain ■ Server Instance ■ SOA Composite