Over a million developers have joined DZone.

Enable Java Security Manager for WSO2 Products

DZone's Guide to

Enable Java Security Manager for WSO2 Products

· IoT Zone
Free Resource

Address your IoT software testing needs – improve quality, security, safety, and compliance across the development lifecycle.

Hi everyone, in this post we are going to explore how to enable Java security manager for WSO2 products. For this we need to sign all the JARs using the jarsigner program. For learning purposes, I will use the wso2carbon.jks java key store file, which ships default with WSO2 products.

Special thanks goes to Sanjaya Ratnaweera who generously gave me the script files. :)
I am going to use the WSO2 Application Server 5.2.1 for demonstration purposes. 
First of all download the WSO2AS 5.2.1 from the link provided above. Then extract it to your local machine. I assume that for this particular example the pack is being extracted to /home/aruna folder. Change the paths according to your environment.

Make sure you are using java 1.6 version to sign the patches, since for 1.7 the packs may not be start.

You can find the default java key store file in the /wso2as-5.2.1/repository/resources/security/wso2carbon.jks

Then you have to sign the pack using the following command. (sign-packs.sh file is attached in the below scripts.zip file)

./sign-packs.sh /home/aruna/wso2as-5.2.1
Then you have to sign the patch folders inside the pack.

./sign-patches.sh /home/aruna/wso2as-5.2.1/repository/components/patches/patch0001

./sign-patches.sh /home/aruna/wso2as-5.2.1/repository/components/patches/patch0002

./sign-patches.sh /home/aruna/wso2as-5.2.1/repository/components/patches/patch0003
Then you have to enable the security manager in the wso2server.sh file. Just replace the provided wso2server.sh file with the wso2as-5.2.1/bin/wso2server.sh file.

These are the only added lines apart from the original wso2server.sh file.

-Djava.security.manager=org.wso2.carbon.bootstrap.CarbonSecurityManager \
-Djava.security.policy=$CARBON_HOME/repository/conf/sec.policy \
-Drestricted.packages=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,org.wso2.carbon. \
-Ddenied.system.properties=javax.net.ssl.trustStore,javax.net.ssl.trustStorePassword,denied.system.properties \
That's it you have signed all the jars and enabled Java Security Manager for WSO2AS 5.2.1 :)

For more security permissions, open the /wso2as-5.2.1/repository/conf/sec.policy file to change the policies you want.

Download the script files from this link

Accelerate the delivery of high-quality software in the connected IoT era through an integrated analysis, testing, security, and analytics platform


Published at DZone with permission of Aruna Karunarathna, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}