Pages

Subscribe:

Ads 468x60px

Featured Posts

Tuesday, September 9, 2014

Enable Java Security Manager for WSO2 Products

Hi everyone, in this post we are going to explore on how to enable java security manager for WSO2 products. For this we need to sign all the jars using the jarsigner program. For the learning purpose I will use the wso2carbon.jks java key store file, which ships default with WSO2 products.
Special thanks goes to Sanjaya Ratnaweera who generously gave me the script files.. :)

I am going to use the WSO2 Application Server 5.2.1 for the demonstrate purpose. 

First of all download the WSO2AS 5.2.1 from the link provided above. Then extract it to your local machine. I assume that for this particular example the pack is being extracted to /home/aruna folder. Change the paths according to your environment.
Make sure you are using java 1.6 version to sign the patches, since for 1.7 the packs may not be start.

You can find the default java key store file in the /wso2as-5.2.1/repository/resources/security/wso2carbon.jks
Then you have to sign the pack using the following command. (sign-packs.sh file is attached in the below scripts.zip file)

./sign-packs.sh /home/aruna/wso2as-5.2.1

Then you have to sign the patch folders inside the pack.
./sign-patches.sh /home/aruna/wso2as-5.2.1/repository/components/patches/patch0001

./sign-patches.sh /home/aruna/wso2as-5.2.1/repository/components/patches/patch0002

./sign-patches.sh /home/aruna/wso2as-5.2.1/repository/components/patches/patch0003

Then you have to enable the security manager in the wso2server.sh file. Just replace the provided wso2server.sh file with the wso2as-5.2.1/bin/wso2server.sh file.

These are the only added lines apart from the original wso2server.sh file.

-Djava.security.manager=org.wso2.carbon.bootstrap.CarbonSecurityManager \
-Djava.security.policy=$CARBON_HOME/repository/conf/sec.policy \
-Drestricted.packages=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,org.wso2.carbon. \
-Ddenied.system.properties=javax.net.ssl.trustStore,javax.net.ssl.trustStorePassword,denied.system.properties \

That's it you have signed all the jars and enabled Java Security Manager for WSO2AS 5.2.1 :)

For more security permissions, open the /wso2as-5.2.1/repository/conf/sec.policy file to change the policies you want.

Download the script files from this link

Monday, August 25, 2014

Using WSO2 admin services to upload Carbon Applications - With Sample

Hi all, in this post we are going to explore how to use carbon admin services and how to consume them properly. There are lot of carbon admin services available for WSO2 Carbon based product.
To list  out all the admin services follow the below steps.
Start a WSO2 product using the following command. In this particular example I am using WSO2 ESB 4.8.0
aruna@aruna:~$ ./wso2server.sh -Dosgiconsole

Then type listAdminServices in the Osgi Console.

aruna@aruna:~$ listAdminServices
Now you can see all the available admin services.

By default these admin services are hidden. If you try to access a service using browser. you'll get the following error.

<faultstring>
The endpoint reference (EPR) for the Operation not found is /services/ProvisioningAdminService and the WSA Action = null. If this EPR was previously reachable, please contact the server administrator.
</faultstring>

To enable hidden admin services in Server-Home/repository/conf/carbon.xml file set the following value to false.
<HideAdminServiceWSDLs>true</HideAdminServiceWSDLs>

Then you'll see the wsdl file of the service available.
Here is a sample admin service client to demonstrate an uploading a carbon application to the server.
You can find the source code in this repository.
Repository Link    http://bit.ly/1vf8hkS