Saturday, June 23, 2012

Oracle Fusion Middleware Security for Web Services 11g Release 1 (11.1.1.6) Policy Sets using WLST

Policy sets provide a means to attach policies globally to a range of endpoints of the same type. 



  • In addition to attaching policies directly to endpoints, you can create policy sets that allow you to attach policies globally to a range of endpoints of the same type, regardless of the deployment state. You can create and manage policy sets using both Fusion Middleware Control and the WebLogic Scripting Tool, WLST. 
  • Attaching policies globally using policy sets allows an administrator to ensure that all subjects are secured in situations where the developer, assembler, or deployer did not explicitly specify the policies to be attached.
  • Policies attached globally using policy sets also provide the following:
    • Override the policies
    • Specify a run-time constraint
  • Policy subjects to which policy sets can be attached include SOA components, SOA service endpoints, SOA references, Web services endpoints, Web service clients, Web service connections, and asynchronous callback clients. Policy sets can be attached at the following scopes:
    • Domain—all policy subjects of the specified type in a domain
    • Server instance—all policy subjects of the specified type in a server instance
    • Application or Partition—all policy subjects of the specified type in an application or SOA partition
    • Application module or SOA composite—all policy subjects of the specified type in an application module or SOA composite
    • Service or reference—all policy subjects of the specified type in a SOA service or reference
    • Port or component—all policy subjects of the specified type in a port or SOA component

CREATING A POLICY SET USING WLST

CreatePolicySet.py

# Run inside WLST; connect(), createPolicySet() and the other commands are WLST built-ins.
from java.io import FileInputStream
from java.util import Properties

# Load connection settings and policy set definitions.
# The properties file holds the admin password in clear text; restrict read access to it.
propInputStream = FileInputStream("PolicySets.properties")
configProps = Properties()
configProps.load(propInputStream)
propInputStream.close()
connect(configProps.get("userName"),configProps.get("passWord"),'t3://'+configProps.get("wlsHost")+':'+configProps.get("adminServerListenPort"))
# policysets_to_be_created is a comma-separated list of index suffixes (1,2,...).
splits=str(configProps.get("policysets_to_be_created")).split(",")
for dsIndex in splits:
    # Each policy set is created and committed in its own repository session.
    beginRepositorySession()
    #Variable Definitions
    policySetName=configProps.get("policySetName_"+ str(dsIndex))
    policySetType=configProps.get("policySetType_"+ str(dsIndex))
    policySetAttachTo=configProps.get("policySetAttachTo_"+ str(dsIndex))
    policySetDescription=configProps.get("policySetDescription_"+ str(dsIndex))
    policySetEnabled=configProps.get("policySetEnabled_"+ str(dsIndex))
    policySetUrl=configProps.get("policySetUrl_"+ str(dsIndex))
    print "Creating Policy Sets for System Resource Name:"+policySetName + ", Policy Set Type:" + policySetType +" Attached To: "+ policySetAttachTo + " , Description:" + policySetDescription + ", Enabled true or false: "+ policySetEnabled
    createPolicySet(policySetName,policySetType,policySetAttachTo,description=policySetDescription,enable=policySetEnabled)
    print "Attaching Policy Sets"
    attachPolicySetPolicy(policySetUrl)
    print "Committing Session"
    commitRepositorySession()

PolicySets.properties

userName=username
passWord=password
wlsHost=localhost
domainDir=domainDir
adminServerListenPort=7001
#Comma-separated list of policy set index suffixes to create (for example 1,2)
policysets_to_be_created=1
#Properties for the first policy set
policySetName_1=TestWSClientPolicySet
policySetType_1=sca-reference
policySetAttachTo_1=Domain("domain") and Server("server1") and Composite("*CBP*")
policySetDescription_1=Global policy attachments for SOA Reference resources.
policySetEnabled_1=true
policySetUrl_1=oracle/wss10_saml_token_client_policy_OPT_ON
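
A pre-flight check for PolicySets.properties, as an added example that is not part of the original post: it runs under ordinary Python 3 outside WLST and reports entries that would make CreatePolicySet.py fail after it has already opened a repository session. The function names and the second sample entry are constructed for illustration, and the attachTo check only verifies the Name("pattern") shape joined by "and".

```python
import re

# Type names accepted by createPolicySet, one per policy subject the page lists.
VALID_TYPES = {"sca-component", "sca-reference", "sca-service", "ws-service",
               "ws-client", "ws-connection", "ws-callback"}
# The page's script concatenates all six values into a print, so all must exist.
REQUIRED = ("policySetName", "policySetType", "policySetAttachTo",
            "policySetDescription", "policySetEnabled", "policySetUrl")
# One attachTo term such as Domain("domain") or Composite("*CBP*").
TERM = re.compile(r'^[A-Z][A-Za-z]*\("[^"]+"\)$')

def parse_properties(text):
    # Simple key=value lines only; blank lines and # comments are skipped.
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def check_policy_sets(props):
    # Returns a list of problems; an empty list means no problems were found.
    problems = []
    indexes = props.get("policysets_to_be_created", "").split(",")
    for idx in (i.strip() for i in indexes):
        for key in REQUIRED:
            if not props.get("%s_%s" % (key, idx)):
                problems.append("%s_%s is missing" % (key, idx))
        ptype = props.get("policySetType_" + idx)
        if ptype and ptype not in VALID_TYPES:
            problems.append("policySetType_%s: unknown type %r" % (idx, ptype))
        attach = props.get("policySetAttachTo_" + idx, "")
        for term in filter(None, re.split(r"\s+and\s+", attach)):
            if not TERM.match(term):
                problems.append("policySetAttachTo_%s: malformed term %r" % (idx, term))
        if props.get("policySetEnabled_" + idx, "true") not in ("true", "false"):
            problems.append("policySetEnabled_%s must be true or false" % idx)
    return problems

# Constructed sample: the page's first entry plus a second entry with mistakes.
SAMPLE = """\
policysets_to_be_created=1,2
policySetName_1=TestWSClientPolicySet
policySetType_1=sca-reference
policySetAttachTo_1=Domain("domain") and Server("server1") and Composite("*CBP*")
policySetDescription_1=Global policy attachments for SOA Reference resources.
policySetEnabled_1=true
policySetUrl_1=oracle/wss10_saml_token_client_policy_OPT_ON
policySetName_2=BrokenPolicySet
policySetType_2=sca-refrence
policySetAttachTo_2=Domain(domain) and Server("server1")
policySetEnabled_2=yes
"""
```

Calling check_policy_sets(parse_properties(SAMPLE)) returns five problems, all for entry 2; the page's own entry 1 passes.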
