Hi everyone, in this post we are going to explore on how to enable java security manager for WSO2 products. For this we need to sign all the jars using the jarsigner program. For the learning purpose I will use the wso2carbon.jks java key store file, which ships default with WSO2 products.
Special thanks goes to Sanjaya Ratnaweera who generously gave me the script files.. :)
I am going to use the WSO2 Application Server 5.2.1 for the demonstrate purpose.
First of all download the WSO2AS 5.2.1 from the link provided above. Then extract it to your local machine. I assume that for this particular example the pack is being extracted to /home/aruna folder. Change the paths according to your environment.
Make sure you are using java 1.6 version to sign the patches, since for 1.7 the packs may not be start.
You can find the default java key store file in the /wso2as-5.2.1/repository/resources/security/wso2carbon.jks
Then you have to sign the pack using the following command. (sign-packs.sh file is attached in the below scripts.zip file)
Then you have to sign the patch folders inside the pack.
Then you have to enable the security manager in the wso2server.sh file. Just replace the provided wso2server.sh file with the wso2as-5.2.1/bin/wso2server.sh file.
These are the only added lines apart from the original wso2server.sh file.
That's it you have signed all the jars and enabled Java Security Manager for WSO2AS 5.2.1 :)
For more security permissions, open the /wso2as-5.2.1/repository/conf/sec.policy file to change the policies you want.
Download the script files from this link.
Make sure you are using java 1.6 version to sign the patches, since for 1.7 the packs may not be start.
You can find the default java key store file in the /wso2as-5.2.1/repository/resources/security/wso2carbon.jks
Then you have to sign the pack using the following command. (sign-packs.sh file is attached in the below scripts.zip file)
./sign-packs.sh /home/aruna/wso2as-5.2.1
Then you have to sign the patch folders inside the pack.
./sign-patches.sh /home/aruna/wso2as-5.2.1/repository/components/patches/patch0001 ./sign-patches.sh /home/aruna/wso2as-5.2.1/repository/components/patches/patch0002 ./sign-patches.sh /home/aruna/wso2as-5.2.1/repository/components/patches/patch0003
Then you have to enable the security manager in the wso2server.sh file. Just replace the provided wso2server.sh file with the wso2as-5.2.1/bin/wso2server.sh file.
These are the only added lines apart from the original wso2server.sh file.
-Djava.security.manager=org.wso2.carbon.bootstrap.CarbonSecurityManager \ -Djava.security.policy=$CARBON_HOME/repository/conf/sec.policy \ -Drestricted.packages=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,org.wso2.carbon. \ -Ddenied.system.properties=javax.net.ssl.trustStore,javax.net.ssl.trustStorePassword,denied.system.properties \
That's it you have signed all the jars and enabled Java Security Manager for WSO2AS 5.2.1 :)
For more security permissions, open the /wso2as-5.2.1/repository/conf/sec.policy file to change the policies you want.
Download the script files from this link.
No comments:
Post a Comment