
Enable Java Security Manager for WSO2 Products


Hi everyone, in this post we are going to explore how to enable the Java Security Manager for WSO2 products. For this we need to sign all the JARs using the jarsigner program. For learning purposes, I will use the wso2carbon.jks Java key store file, which ships by default with WSO2 products.

Special thanks goes to Sanjaya Ratnaweera who generously gave me the script files. :)
I am going to use the WSO2 Application Server 5.2.1 for demonstration purposes. 
First of all, download WSO2AS 5.2.1 from the link provided above, then extract it to your local machine. For this example I assume the pack is extracted to the /home/aruna folder. Change the paths according to your environment.

Make sure you are using Java 1.6 to sign the patches, since with 1.7 the packs may not start.

You can find the default Java key store file at /wso2as-5.2.1/repository/resources/security/wso2carbon.jks

Then you have to sign the pack using the following command. (The sign-packs.sh file is included in the scripts.zip file linked below.)

./sign-packs.sh /home/aruna/wso2as-5.2.1

Then you have to sign the patch folders inside the pack.

./sign-patches.sh /home/aruna/wso2as-5.2.1/repository/components/patches/patch0001

./sign-patches.sh /home/aruna/wso2as-5.2.1/repository/components/patches/patch0002

./sign-patches.sh /home/aruna/wso2as-5.2.1/repository/components/patches/patch0003

Then you have to enable the security manager in the wso2server.sh file. Just replace the wso2as-5.2.1/bin/wso2server.sh file with the provided wso2server.sh file.

These are the only lines added to the original wso2server.sh file.

-Djava.security.manager=org.wso2.carbon.bootstrap.CarbonSecurityManager \
-Djava.security.policy=$CARBON_HOME/repository/conf/sec.policy \
-Drestricted.packages=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,org.wso2.carbon. \
-Ddenied.system.properties=javax.net.ssl.trustStore,javax.net.ssl.trustStorePassword,denied.system.properties \

That's it: you have signed all the JARs and enabled the Java Security Manager for WSO2AS 5.2.1 :)

To adjust the security permissions, open the /wso2as-5.2.1/repository/conf/sec.policy file and change the policies you want.
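
A pre-flight check for the steps above, added here as an example (it is not part of the original post or of the attached scripts): it lists JARs under the pack that carry no signature files and reports which of the four JVM options are absent from the launch script. It only checks that signature files are present; jarsigner -verify is what validates a signature. The function names are this example's own.

```python
import os
import re
import sys
import zipfile

# JVM options the post adds to wso2server.sh (option names copied from the post).
REQUIRED_OPTS = (
    "-Djava.security.manager=org.wso2.carbon.bootstrap.CarbonSecurityManager",
    "-Djava.security.policy=",
    "-Drestricted.packages=",
    "-Ddenied.system.properties=",
)
# A signed JAR holds META-INF/<NAME>.SF plus a signature block with the same base name.
SIG_FILE = re.compile(r"^META-INF/[^/]+\.SF$", re.I)
SIG_BLOCK = re.compile(r"^META-INF/[^/]+\.(RSA|DSA|EC)$", re.I)

def jar_has_signature(path):
    """True if the JAR holds a .SF file and a signature block of the same name."""
    try:
        with zipfile.ZipFile(path) as jar:
            names = jar.namelist()
    except zipfile.BadZipFile:
        return False  # a corrupt archive is reported as unsigned
    sf = {os.path.splitext(n)[0].upper() for n in names if SIG_FILE.match(n)}
    blocks = {os.path.splitext(n)[0].upper() for n in names if SIG_BLOCK.match(n)}
    return bool(sf & blocks)

def unsigned_jars(root):
    """Return sorted paths of .jar files under root that carry no signature."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower().endswith(".jar") and not jar_has_signature(full):
                found.append(full)
    return sorted(found)

def missing_jvm_opts(script_path):
    """Return the required options that do not appear in the launch script."""
    with open(script_path, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    return [opt for opt in REQUIRED_OPTS if opt not in text]

if __name__ == "__main__":
    # Pack directory, e.g. /home/aruna/wso2as-5.2.1 (defaults to the current directory).
    home = sys.argv[1] if len(sys.argv) > 1 else "."
    for jar in unsigned_jars(home):
        print("UNSIGNED", jar)
    for opt in missing_jvm_opts(os.path.join(home, "bin", "wso2server.sh")):
        print("MISSING ", opt)
```

Run it against the pack directory after signing and again after applying each new patch folder; any UNSIGNED or MISSING line means a step above was skipped.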

Download the script files from this link

Published at DZone with permission of Aruna Karunarathna, DZone MVB. See the original article here.
