Hi everyone, in this post we are going to explore how to enable the Java security manager for WSO2 products. For this we need to sign all the JARs using the jarsigner program. For learning purposes, I will use the wso2carbon.jks Java keystore file, which ships by default with WSO2 products.
Make sure you are using Java 1.6 to sign the patches, since with 1.7 the packs may not start.
You can find the default Java keystore file at /wso2as-5.2.1/repository/resources/security/wso2carbon.jks
Then you have to sign the pack using the following commands. (The sign-packs.sh file is included in the scripts.zip file attached below.)
./sign-patches.sh /home/aruna/wso2as-5.2.1/repository/components/patches/patch0001
./sign-patches.sh /home/aruna/wso2as-5.2.1/repository/components/patches/patch0002
./sign-patches.sh /home/aruna/wso2as-5.2.1/repository/components/patches/patch0003
These are the only lines added to the original wso2server.sh file:
-Djava.security.manager=org.wso2.carbon.bootstrap.CarbonSecurityManager \
-Djava.security.policy=$CARBON_HOME/repository/conf/sec.policy \
-Drestricted.packages=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,org.wso2.carbon. \
-Ddenied.system.properties=javax.net.ssl.trustStore,javax.net.ssl.trustStorePassword,denied.system.properties \
To adjust the security permissions further, open the /wso2as-5.2.1/repository/conf/sec.policy file and change the policies as needed.
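Before starting the server with the security manager options above, it helps to confirm that no JAR was missed during signing. The following is an added example, not part of the original post or of WSO2's scripts: it walks a directory and lists JARs that carry no jarsigner signature entries. The function names are hypothetical, and the check only looks for the signature files in META-INF; it does not validate the signature, for which `jarsigner -verify` remains the authoritative check.

```python
import os
import re
import sys
import zipfile

# Entries jarsigner writes into META-INF/ of a signed JAR:
# <SIGNER>.SF (signature file) and <SIGNER>.RSA/.DSA/.EC (signature block).
SIG_FILE = re.compile(r"^META-INF/([^/]+)\.SF$", re.IGNORECASE)
SIG_BLOCK = re.compile(r"^META-INF/([^/]+)\.(?:RSA|DSA|EC)$", re.IGNORECASE)


def jar_signers(jar_path):
    """Return signer base names that have both a .SF file and a signature
    block in the JAR. An empty set means the JAR looks unsigned."""
    with zipfile.ZipFile(jar_path) as jar:
        names = jar.namelist()
    sf = {m.group(1).upper() for m in map(SIG_FILE.match, names) if m}
    blocks = {m.group(1).upper() for m in map(SIG_BLOCK.match, names) if m}
    return sf & blocks


def find_unsigned(root):
    """Walk root and return the sorted paths of JARs that have no complete
    signature entry pair, or that are not readable ZIP archives."""
    unsigned = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".jar"):
                continue
            path = os.path.join(dirpath, name)
            try:
                if not jar_signers(path):
                    unsigned.append(path)
            except zipfile.BadZipFile:
                # A corrupt archive cannot be trusted as signed.
                unsigned.append(path)
    return sorted(unsigned)


if __name__ == "__main__":
    # Usage: python find_unsigned.py <directory>, e.g. the product home.
    missing = find_unsigned(sys.argv[1])
    for path in missing:
        print("UNSIGNED", path)
    sys.exit(1 if missing else 0)
```

Run it against the product directory after signing; a non-zero exit status means at least one JAR still needs to be signed.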