Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Enable Java Security Manager for WSO2 Products

DZone's Guide to

Enable Java Security Manager for WSO2 Products

· IoT Zone
Free Resource

Hi everyone, in this post we are going to explore how to enable Java security manager for WSO2 products. For this we need to sign all the JARs using the jarsigner program. For learning purposes, I will use the wso2carbon.jks java key store file, which ships default with WSO2 products.

Special thanks goes to Sanjaya Ratnaweera who generously gave me the script files. :)
I am going to use the WSO2 Application Server 5.2.1 for demonstration purposes. 
First of all download the WSO2AS 5.2.1 from the link provided above. Then extract it to your local machine. I assume that for this particular example the pack is being extracted to /home/aruna folder. Change the paths according to your environment.

Make sure you are using java 1.6 version to sign the patches, since for 1.7 the packs may not be start.

You can find the default java key store file in the /wso2as-5.2.1/repository/resources/security/wso2carbon.jks

Then you have to sign the pack using the following command. (sign-packs.sh file is attached in the below scripts.zip file)

./sign-packs.sh /home/aruna/wso2as-5.2.1
Then you have to sign the patch folders inside the pack.

./sign-patches.sh /home/aruna/wso2as-5.2.1/repository/components/patches/patch0001

./sign-patches.sh /home/aruna/wso2as-5.2.1/repository/components/patches/patch0002

./sign-patches.sh /home/aruna/wso2as-5.2.1/repository/components/patches/patch0003
Then you have to enable the security manager in the wso2server.sh file. Just replace the provided wso2server.sh file with the wso2as-5.2.1/bin/wso2server.sh file.

These are the only added lines apart from the original wso2server.sh file.

-Djava.security.manager=org.wso2.carbon.bootstrap.CarbonSecurityManager \
-Djava.security.policy=$CARBON_HOME/repository/conf/sec.policy \
-Drestricted.packages=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,org.wso2.carbon. \
-Ddenied.system.properties=javax.net.ssl.trustStore,javax.net.ssl.trustStorePassword,denied.system.properties \
That's it you have signed all the jars and enabled Java Security Manager for WSO2AS 5.2.1 :)

For more security permissions, open the /wso2as-5.2.1/repository/conf/sec.policy file to change the policies you want.

Download the script files from this link

Topics:

Published at DZone with permission of Aruna Karunarathna, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

THE DZONE NEWSLETTER

Dev Resources & Solutions Straight to Your Inbox

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

X

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}