Pages

Subscribe:

Ads 468x60px

Tuesday, December 23, 2014

Adding a custom proxy path for WSO2 Carbon 4.3.0 Based Products

The objective of this article is to give a comprehensive guide on, custom proxy paths, why we need a custom proxy path and how to enable a custom proxy path for WSO2 products. This feature was introduced in Carbon 4.3.0 release.

Custom proxy paths

Custom proxy path is used when mapping a proxy url pattern into a back-end url pattern.
For example lets consider

Proxy entry url path :             https://wso2.com/ProxyContextPath/products
Back-end service url path :         https://wso2.com/products

In the above example “ProxyContextPath” is the proxy context that was added for the target service url. When a client sends a request to the proxy entry url path, the request has to be directed to the back-end service url where the original service lies; and finally the client has to be served via the requested proxy entry url path. The mapping between the proxy url path and the back-end service url path can be resolved fronting the service to a reverse proxy server.

Why we need a custom proxy path?

In the current WSO2 server implementations web context root can be used to change the context root of the management console. The limitation of using the web context root is that it can't be used to change the context root of services.

Proxy context path is a useful parameter to add a proxy path when a Carbon server is fronted by reverse proxy. In addition to the proxy host and proxy port this parameter allows you add a path component to external URLs. e.g.
        URL of the Carbon server -> https://10.100.1.1:9443/carbon
        URL of the reverse proxy -> https://prod.abc.com/appserver/carbon

This specially required whenever you are generating URLs to displace in     Carbon UI components. When hosting multiple wso2 products under the same domain name, the normal scenario is to host them under sub domains.

For e.g. If we have API Manager, ESB and Application Server, the urls would be

https://apim.wso2test.com
https://esb.wso2test.com
https://as.wso2test.com

Also this feature would enable customers to expose several WSO2 products under the same domain name. Following diagram describes this concept.

All the products are under a single domain https://wso2test.com and in the example the products lies on proxy paths

API Manager           ---->      https://wso2test.com/apimanager
Enterprise Service Bus ---->  https://wso2test.com/esb
Application Server       ---->  https://wso2test.com/appserver

Configure WSO2 Application Server to add a proxy context path


In this article adding and configuring proxy context path for WSO2 Application Server 5.2.1 is discussed. Before configuring the Application Server, a reverse proxy server need to be installed and configured. For this article we are going to use the nginx reverse proxy server[1].

First install the nginx server and configured in your deployment server machine.

sudo apt-get install nginx

Then create a folder called ssl inside /etc/nginx and lets create the ssl certificates inside this folder.

sudo mkdir /etc/nginx/ssl
cd /etc/nginx/ssl

Then create the server key and certificates.

First create the private key. A pass phrase is prompt when creating the private key.

sudo openssl genrsa -des3 -out server.key 1024

Next create the certificate signing request

sudo openssl req -new -key server.key -out server.csr

Fill in the required details. Most important entry is the Common Name. Enter the domain name or the ip address if there is no domain name.

Next step is to sign the SSL certificate created. Use the following command to sign.

sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Now creating the certificate is completed and the last step is to setup the virtual host to display the new certificate.

Create a copy of the default sites-enabled configuration

sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/wso2

Now create a symbolic between the sites-enabled directory and sites-available directory.

sudo ln -s /etc/nginx/sites-available/wso2 /etc/nginx/sites-enabled/wso2

Now the host is activated, and open up the /etc/nginx/sites-enabled/wso2 and enter the following configurations.

server {
listen 8243;
    server_name wso2test.com;
    client_max_body_size 100M;

    root /usr/share/nginx/www;
    index index.html index.htm;

    ssl on;
    ssl_certificate /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;

    location /appserver/ {
        proxy_pass https://as.wso2test.com:9443/;
    proxy_redirect https://as.wso2test.com:8243/ https://wso2test.com:8243/appserver/;
    }

}

server{
    listen 8280;
    server_name wso2test.com;
    client_max_body_size 100M;

    root /usr/share/nginx/www;
    index index.html index.htm;


    location /appserver/ {
        proxy_pass http://as.wso2test.com:9763/;
        proxy_redirect http://as.wso2test.com:8280/ http://wso2test.com:8280/appserver/;
    }
}

In the nginx configuration for https requests with the /appserver/* pattern, the requests are directed to the /* pattern and the when the service is served to the client it resolves the url pattern to /appserver/*. This is same for the http requests also.

Save the file and Restart the nginx server using the following command and that's done with the nginx configurations.

    sudo service nginx restart

In the configuration https , http requests are listening on the 8243 and 8280 respectively. Server Name is set to wso2test.com. To test in a local machine you need to put the wso2test.com , as.wso2.com into the /etc/hosts entry as follows.

    127.0.0.1        wso2test.com   
    127.0.0.1        as.wso2test.com

Then lets configure the WSO2 Application Server 5.2.1. First Download the product and extract it to your machine. Lets consider WSO2AS-Home as the extracted directory.

Open the /repository/conf/carbon.xml and do the following configuration changes.

Set HostName as the hostname defined in the nginx configuration.

    wso2test.com

Set the MgtHostName as as.wso2.com

    as.wso2test.com

Set the ProxyContextPath as the appserver. This is the proxy path string which will appear in the management console, web apps and services urls.

    appserver

As mentioned in nginx configuration section the https, http requests are listening on the 8243 and 8280; but by default WSO2 products are listening on the 9443 and 9763. In this particular article 8243 and 8280 configured as the proxy ports. Whenever the incoming requests are coming through the 8243 and 8240 they are proxied to the 9443 and 9763 ports.

To enable proxy ports open the /repository/conf/tomcat/catalina-server.xml file and add the following two entries.


proxyport.png 

proxyPort Configuration in catalina-server.xml file

That's all for the configuration. Now start the server and enter the following url in a browser.

https://wso2test.com:8243/appserver/carbon/

You'll redirect to the login page, give the admin credentials and log into the server. You'll find the proxy path for admin console, services, webapps changed to the “/appserver” proxy path.


console.png 

Conclusion


Proxy context path is useful when a wso2 server fronted by a reverse proxy server. You can add a proxy context path along with a proxy host and a proxy port parameter. This enables UI url paths to be display in a proxy path and by enabling this proxy path, multiple products can live under a single hostname.


References


[1].http://nginx.org/
[2].https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-nginx-for-ubuntu-12-04

Monday, December 22, 2014

WSO2 Carbon 4.3.0 Released..!!!

Hi Folks,

WSO2 Carbon team is pleased announce the release of the Carbon Kernel 4.3.0.

What is WSO2 Carbon

WSO2 Carbon redefines middleware by providing an integrated and componentized middleware platform that adapts to the specific needs of any enterprise IT project - on premise or in the cloud. 100% open source and standards-based, WSO2 Carbon enables developers to rapidly orchestrate business processes, compose applications and develop services using WSO2 Developer Studio and a broad range of business and technical services that integrate with legacy, packaged and SaaS applications.

WSO2 Carbon kernel, the lean, modular, OSGi-based platform, is the base of the WSO2 Carbon platform. It is a composable server architecture which inherits modularity and dynamism from OSGi framework. WSO2 Carbon kernel can be considered as a framework for server development. All the WSO2 products are composed as a collection reusable components running on this kernel. These products/components inherits all the core services provided by Carbon kernel such as Registry/repository, User management, Transports, Caching, Clustering, Logging, Deployment related features.

You can download the released distribution from the product home page : http://wso2.com/products/carbon/

How to Contribute 

What's New In This Release
  • Simplified logging story with pluggable log provider support.
  • Upgraded versions of Hazelcast, Log4j, BouncyCastle.
  • Improved Composite application support.

Key Features
  • Composable Server Architecture - Provides a modular, light-weight, OSGi-based server development framework.
  • Carbon Application(CApp) deployment support.
  • Multi-Profile Support for Carbon Platform - This enable a single product to run on multiple modes/profiles.
  • Carbon + Tomcat JNDI Context - Provide ability to access both carbon level and tomcat level JNDI resources to applications using a single JNDI context.
  • Distributed Caching and Clustering functionality - Carbon kernel provides a distributed cache and clustering implementation which is based on Hazelcast- a group communication framework
  • Pluggable Transports Framework - This is based on Axis2 transports module.
  • Registry/Repository API- Provide core registry/repository API for component developers.
  • User Management API  - Provides a basic user management API for component developers.
  • Logging - Carbon kernel supports both Java logging as well as Log4j. Logs from both these sources will be aggregated to a single output
  • Pluggable artifact deployer framework - Kernel can be extended to deploy any kind of artifacts such as Web services, Web apps, Business processes, Proxy services, User stores etc.
  • Deployment Synchronization - Provides synchronization of deployed artifacts across a product cluster.
  • Ghost Deployment - Provides a lazy loading mechanism for deployed artifacts

  • Multi-tenancy support - The roots of the multi-tenancy in Carbon platform lies in the Carbon kernel. This feature includes tenant level isolation as well as lazy loading of tenants.


  • Fixed Issues

    Known Issues

    Contact Us

    WSO2 Carbon developers can be contacted via the mailing lists:

    Reporting Issues
    You can use the Carbon JIRA issue tracker to report issues, enhancements and feature requests for WSO2 Carbon.

    Thank for you interest in WSO2 Carbon Kernel.

    --The WSO2 Carbon Team--

    Thursday, December 18, 2014

    Extending SCIM User Schema Of WSO2 Identity Server

    In this post we are going to extend the SCIM User Schema Of WSO2 Identity Server and add custom fields.
    More details about Extending SCIM User Schema Of WSO2 Identity Server and SCIM User Provisioning With WSO2 Identity Server using these links. [1], [2]. In this sample we are going to add a custom field called dateOfBirth to the schema. Follow the following steps to enable the custom field.
     
    1. Enable User Schema Extension by setting the user-schema-extension-enabled value true in /repositiry/conf/provisioning-config.xml
    2. Set your Custom User Schema as follows in the /repository/conf/scim-schema-extension.config
    =================================================================================
    [
    {
    "attributeURI":"urn:scim:schemas:extension:wso2:1.0:wso2Extension.dateOfBirth",
    "attributeName":"dateOfBirth",
    "dataType":"string",
    "multiValued":"false",
    "multiValuedAttributeChildName":"null",
    "description":"Date of Birth",
    "schemaURI":"urn:scim:schemas:extension:wso2:1.0",
    "readOnly":"true",
    "required":"true",
    "caseExact":"true",
    "subAttributes":"null"
    },
    {
    "attributeURI":"urn:scim:schemas:extension:wso2:1.0",
    "attributeName":"wso2Extension",
    "dataType":"null",
    "multiValued":"false",
    "multiValuedAttributeChildName":"null",
    "description":"SCIM wso2 User Schema Extension",
    "schemaURI":"urn:scim:schemas:extension:wso2:1.0",
    "readOnly":"false",
    "required":"false",
    "caseExact":"false",
    "subAttributes":"dateOfBirth"
    }
    ]
    ==================================================================================

    3. Start the server and login to the management console.
    4. Go to
    Home     > Configure     > Claim Management > urn:scim:schemas:core:1.0 > Add New Claim Mapping

    File in the Followings
    Display Name - dateOfBirth
    Description- Date of Birth
    Claim Uri - urn:scim:schemas:extension:wso2:1.0:wso2Extension.dateOfBirth
    Mapped Attribute (s) - nickName

    Here we have mapped to the nickName which is already available.

    5. Now you are done with the configurations.

    Now execute the following curl commands to add and get the user.

    Adding a user
    curl -v -k --user admin:admin --data "{"schemas":[],"wso2Extension":{"dateOfBirth":"1987-12-12"},"name":{"familyName":"gunasinghe","givenName":"hasinitg"},"userName":"hasinitg","password":"hasinitg","emails":[{"primary":true,"value":"hasini_home.com","type":"home"},{"value":"hasini_work.com","type":"work"}]}" --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Users
    

    Getting a user using the following command
    curl -v -k --user admin:admin https://localhost:9443/wso2/scim/Users/[User ID Value]
    

    Will result the following.

    {"id":"92851fef-31a8-4c54-b631-616e58a85cc8","wso2Extension":{"dateOfBirth":"1987-12-12"},"schemas":["urn:scim:schemas:core:1.0","urn:scim:schemas:extension:wso2:1.0"],"nickName":"2012-12-12","name":{"familyName":"gunasinghe","givenName":"hasinitg"},"userName":"hasinitg","emails":[{"value":"hasini_work.com","type":"work"},{"value":"hasini_home.com","type":"home"}],"meta":{"lastModified":"2014-12-02T15:29:27","created":"2014-12-02T15:29:27","location":"https://localhost:9443/wso2/scim/Users/92851fef-31a8-4c54-b631-616e58a85cc8"}}


    [1]. http://sureshatt.blogspot.com/2013/06/scim-user-provisioning-with-wso2.html
    [2]. http://sureshatt.blogspot.com/2013/07/extending-scim-user-schema-of-wso2.html

    Wednesday, November 5, 2014

    [WSO2] Sample Web Application to Demonstrate Insertion, Retrieval and Deletion of a resource to Registry

    Here is a sample web application to test Insertion, Retrieval and Deletion of a  resource to Registry.
    Here is the sample servlet code. Github Link

    package org.wso2.carbon.test;
    import java.io.IOException;
    import java.io.PrintWriter;
    import javax.servlet.ServletException;
    import javax.servlet.annotation.WebServlet;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.wso2.carbon.context.CarbonContext;
    import org.wso2.carbon.context.RegistryType;
    import org.wso2.carbon.registry.api.Registry;
    import org.wso2.carbon.registry.api.Resource;
    /**
     * Servlet implementation class RegistryTest
     */
    @WebServlet("/RegistryTest")
    public class RegistryTest extends HttpServlet {
        private static final long serialVersionUID = 1L;
        /**
         * Default constructor.
         */
        public RegistryTest() {
            // TODO Auto-generated constructor stub
        }
        protected void processRequest(HttpServletRequest request,
                                      HttpServletResponse response) throws ServletException, IOException {
            try {
                PrintWriter out = response.getWriter();
                System.out.print("URL = " + request.getRequestURL());
                System.out.print(" :: action = " + request.getParameter("action"));
                System.out.print(" :: path = " + request.getParameter("path"));
                System.out.println(" :: resource = "+ request.getParameter("resource"));
                String resourcePath = request.getParameter("path");
                String resourceValue = request.getParameter("resource");
                String action = request.getParameter("action");
                CarbonContext cCtx = CarbonContext.getThreadLocalCarbonContext();
                Registry registry = cCtx.getRegistry(RegistryType.SYSTEM_CONFIGURATION);
                if (resourcePath != null && action != null) {
                    if (action.equalsIgnoreCase("add")) {
                        if( resourceValue != null){
                            Resource resource = registry.newResource();
                            resource.setContent(resourceValue);
                            registry.put(resourcePath, resource);
                            out.println("Resource added successfully!!");
                            out.println("Registry path :: " + resourcePath);
                            out.println("Registry value :: " + resourceValue);
                        }else{
                            out.println("ERROR :: Resource Value Empty!!!");
                        }
                    } else if (action.equals("get")) {
                        if (registry.resourceExists(resourcePath)) {
                            Resource resource = registry.get(resourcePath);
                            String content = new String((byte[]) resource.getContent());
                            response.addHeader("resource-content", content);
                            out.println("Resource Found in Registry returned!!!");
                            out.println("Registry path :: " + resourcePath);
                            out.println("Registry value :: " + content);
                        } else {
                            out.println("ERROR :: Resource Not Found in Registry!!!");
                            out.println("Registry path :: " + resourcePath);
                        }
                    } else if (action.equalsIgnoreCase("delete")) {
                        if (registry.resourceExists(resourcePath)) {
                            Resource resource = registry.get(resourcePath);
                            String content = new String((byte[]) resource.getContent());
                            registry.delete(resourcePath);
                            out.println("Resource Found and deleted!!!");
                            out.println("Registry path :: " + resourcePath);
                            out.println("Registry value :: " + content);
                        } else {
                            out.println("ERROR :: Resource Not Found in Registry!!!");
                            out.println("Registry path :: " + resourcePath);
                        }
                    }
                } else {
                    out.println("ERROR :: Resource Error!!!");
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
        /**
         * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
         * response)
         */
        protected void doGet(HttpServletRequest request,
                             HttpServletResponse response) throws ServletException, IOException {
            processRequest(request, response);
        }
        /**
         * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
         * response)
         */
        protected void doPost(HttpServletRequest request,
                              HttpServletResponse response) throws ServletException, IOException {
            processRequest(request, response);
        }
    }
    

    To test the application host it to WSO2 Application Server. Execute the following commands.

    Adding resource

    curl --data "action=add&path=&resource=" -v http://localhost:9763/CarbonTest-1.0.0/RegistryTest
    
    e.g

    curl --data "action=add&amp;path=/foo/bar&amp;resource=AAAAAAAAA" -v http://localhost:9763/CarbonTest-1.0.0/RegistryTest<br />
    

    Getting resource

    curl --data "action=get&amp;path=" -v http://localhost:9763/CarbonTest-1.0.0/RegistryTest
    
    e.g
    curl --data "action=get&amp;path=/foo/bar" -v http://localhost:9763/CarbonTest-1.0.0/RegistryTest<br />
    

    Deleting resource

    curl --data "action=delete&amp;path=" -v http://localhost:9763/CarbonTest-1.0.0/RegistryTest
    
    e.g

    curl --data "action=delete&amp;path=/foo/bar" -v http://localhost:9763/CarbonTest-1.0.0/RegistryTest<br />
    

    Monday, November 3, 2014

    Create a WSO2 Worker-Manager Cluster in Just 2 Minutes !

    I've been working on an application(WSO2 Cluster Wizard) which creates a Worker-Manager Separated cluster for a given WSO2 Product. The objective of this application is to reduce the time spent on creating clusters in developers/testing local machines. Though puppet scripts can automate the process AFAIK, no one uses puppets to create clusters in their local setups'. 
    This is a simple GUI application which is very easy to use. Here is a screen shot of the UI.
     
     Basic Functionality.
    1. Creates Worker-Manager separated cluster (WKA based)
    2. Choice of enabling registry mounting
    3. Works on almost every WSO2 product
    4. Works on both Windows and Linux environments 
    How to use 
    Run the application using java -jar ClusterWizard.jar
    1. Select the zip file of product you want to cluster
    2. Select the destination folder
    3. Fill out the Manager and Worker settings
    4. If registry mounting enabled fill out the mysql connection details
    5. Hit execute button.
    Hope this will be useful, and highly appreciate your feedback. :)
    In the next version I'll be hoping to add the WSO2ELB configuration support also.
    Source can be found at. Github Link

    Monday, October 6, 2014

    How to Install and Configure Subversion Server with HTTP Access

    Hi all, Recently I came across with the $subject and I was unable to find a comprehensive tutorial. So In this post I've decided to show how to install and configure apache subversion server and configure the server to access via http in ubuntu.

    First of all update the apt-get by the following command.
    sudo apt-get update
    

    Then Install the subversion and it's utilities.
    sudo apt-get install subversion subversion-tools libapache2-svn
    

    Create two directories svn and repository in your home directory.
    mkdir /home/ubuntu/svn 
    mkdir /home/ubuntu/repository
    

    Next step is to create the svn repository.
    sudo svnadmin create /home/ubuntu/svn/repo
    

    Create some folders inside the repository directory.
    cd /home/ubuntu/repository 
    mkdir tags branches trunk
    

    Execute the svn import command to import repository.
    sudo svn import /home/ubuntu/repository file:///home/ubuntu/svn/repo
    

    Install apache2 server from the following command.
    sudo apt-get install apache2
    

    Enable dav_svn apache module
    sudo a2enmod dav_svn
    

    Open up the apache2.conf file
    sudo vi /etc/apache2/apache2.conf
    

    Add the following to the end of the file.
    <Location /svn>
        DAV svn
        SVNParentPath /home/ubuntu/svn
    </Location>
    

    Open up the svnserve.conf file
    sudo vi /home/ubuntu/svn/repo/conf/svnserve.conf
    

    Add the following content to the file
    anon-access = none
    auth-access = write
    password-db = passwd
    

    Open up the passwd file.
    sudo vi /home/ubuntu/svn/repo/conf/passwd
    

    Add a user to the passwd file, I'll add username:password as aruna:aruna
    aruna = aruna
    

    Restart the apache server
    sudo service apache2 restart
    

    Access your svn server using the following url.
    http://localhost/svn/repo
    

    That's it folks, Now you have your own svn server.. :)

    Tuesday, September 30, 2014

    WSO2 Carbon kernel 4.3.0 Alpha is Released!!!

    Hi Folks,

    WSO2 Carbon team is pleased announce the alpha release of the Carbon kernel 4.3.0.

    WSO2 Carbon redefines middleware by providing an integrated and componentized middleware platform that adapts to the specific needs of any enterprise IT project - on premise or in the cloud. 100% open source and standards-based, WSO2 Carbon enables developers to rapidly orchestrate business processes, compose applications and develop services using WSO2 Developer Studio and a broad range of business and technical services that integrate with legacy, packaged and SaaS applications.

    WSO2 Carbon kernel, the lean, modular, OSGi-based platform, is the base of the WSO2 Carbon platform. It is a composable server architecture which inherits modularity and dynamism from OSGi framework. WSO2 Carbon kernel can be considered as a framework for server development. All the WSO2 products are composed as a collection reusable components running on this kernel. These products/components inherits all the core services provided by Carbon kernel such as Registry/repository, User management, Transports, Caching, Clustering, Logging, Deployment related features.

    You can download the alpha pack from the following location.

    How to Contribute 

    What's New In This Release
    • Simplified logging story with pluggable log provider support.
    • Upgraded versions of Hazelcast, Log4j, BouncyCastle.
    • Improved Composite application support.

    Key Features
    • Composable Server Architecture - Provides a modular, light-weight, OSGi-based server development framework.
    • Carbon Application(CApp) deployment support.
    • Multi-Profile Support for Carbon Platform - This enable a single product to run on multiple modes/profiles.
    • Carbon + Tomcat JNDI Context - Provide ability to access both carbon level and tomcat level JNDI resources to applications using a single JNDI context.
    • Distributed Caching and Clustering functionality - Carbon kernel provides a distributed cache and clustering implementation which is based on Hazelcast- a group communication framework
    • Pluggable Transports Framework - This is based on Axis2 transports module.
    • Registry/Repository API- Provide core registry/repository API for component developers.
    • User Management API  - Provides a basic user management API for component developers.
    • Logging - Carbon kernel supports both Java logging as well as Log4j. Logs from both these sources will be aggregated to a single output
    • Pluggable artifact deployer framework - Kernel can be extended to deploy any kind of artifacts such as Web services, Web apps, Business processes, Proxy services, User stores etc.
    • Deployment Synchronization - Provides synchronization of deployed artifacts across a product cluster.
    • Ghost Deployment - Provides a lazy loading mechanism for deployed artifacts

  • Multi-tenancy support - The roots of the multi-tenancy in Carbon platform lies in the Carbon kernel. This feature includes tenant level isolation as well as lazy loading of tenants.


  • Fixed Issues

    Known Issues

    Contact us

    WSO2 Carbon developers can be contacted via the mailing lists:

    Thank for you interest in WSO2 Carbon Kernel

    --The WSO2 Carbon Team--

    Tuesday, September 9, 2014

    Enable Java Security Manager for WSO2 Products

    Hi everyone, in this post we are going to explore on how to enable java security manager for WSO2 products. For this we need to sign all the jars using the jarsigner program. For the learning purpose I will use the wso2carbon.jks java key store file, which ships default with WSO2 products.
    Special thanks goes to Sanjaya Ratnaweera who generously gave me the script files.. :)

    I am going to use the WSO2 Application Server 5.2.1 for the demonstrate purpose. 

    First of all download the WSO2AS 5.2.1 from the link provided above. Then extract it to your local machine. I assume that for this particular example the pack is being extracted to /home/aruna folder. Change the paths according to your environment.
    Make sure you are using java 1.6 version to sign the patches, since for 1.7 the packs may not be start.

    You can find the default java key store file in the /wso2as-5.2.1/repository/resources/security/wso2carbon.jks
    Then you have to sign the pack using the following command. (sign-packs.sh file is attached in the below scripts.zip file)

    ./sign-packs.sh /home/aruna/wso2as-5.2.1
    

    Then you have to sign the patch folders inside the pack.
    ./sign-patches.sh /home/aruna/wso2as-5.2.1/repository/components/patches/patch0001
    
    ./sign-patches.sh /home/aruna/wso2as-5.2.1/repository/components/patches/patch0002
    
    ./sign-patches.sh /home/aruna/wso2as-5.2.1/repository/components/patches/patch0003
    

    Then you have to enable the security manager in the wso2server.sh file. Just replace the provided wso2server.sh file with the wso2as-5.2.1/bin/wso2server.sh file.

    These are the only added lines apart from the original wso2server.sh file.

    -Djava.security.manager=org.wso2.carbon.bootstrap.CarbonSecurityManager \
    -Djava.security.policy=$CARBON_HOME/repository/conf/sec.policy \
    -Drestricted.packages=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,org.wso2.carbon. \
    -Ddenied.system.properties=javax.net.ssl.trustStore,javax.net.ssl.trustStorePassword,denied.system.properties \
    

    That's it you have signed all the jars and enabled Java Security Manager for WSO2AS 5.2.1 :)

    For more security permissions, open the /wso2as-5.2.1/repository/conf/sec.policy file to change the policies you want.

    Download the script files from this link