Keystore and User Store

Every secure environment needs a representation of identities. Identities are used during authentication between communicating peers and allow them to identify each other correctly; authorization, auditing and similar functions are built on top of that. Identities are stored in the WSO2 SOA Enablement Server protected store, which consists of two essential parts: org.idoox.security.pstore.KeyStore and org.idoox.security.pstore.UserStore.

The key store contains key material for identities. It can hold two kinds of entries: trusted certificate entries, and key entries, that is, a private key together with its certificate chain. Key entries are intended for asymmetric (public-key) cryptography, and SSL uses them as identities. Trusted certificate entries are there to enable trust based on certificate chains: a certificate must be placed here to tell WSO2 SOA Enablement Server that it is really trusted.
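As an added illustration of the two entry kinds (this is not code from WSO2 SOA Enablement Server, whose own key store lives behind org.idoox.security.pstore.KeyStore), the following standalone Java program walks an ordinary JDK keystore (JKS or PKCS12) and shows how a TLS stack consumes each kind: key entries feed the KeyManagerFactory as identities, trusted certificate entries feed the TrustManagerFactory as trust anchors. The keystore path, password and type are command-line arguments assumed for the example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/**
 * Classifies every entry of a JDK keystore the way a TLS stack will use it:
 * key entries (private key + chain) become the local identity, trusted
 * certificate entries become trust anchors.
 * Assumptions for this example: args[0] keystore file, args[1] password,
 * optional args[2] keystore type (JKS, PKCS12, ...).
 */
public class KeyStoreEntries {

    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: KeyStoreEntries <keystore-file> <password> [type]");
            System.exit(2);
        }
        String type = args.length > 2 ? args[2] : KeyStore.getDefaultType();
        char[] password = args[1].toCharArray();

        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }

        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                // Key entry: private key plus certificate chain, leaf first.
                // This is what SSL presents to the peer as the local identity.
                Certificate[] chain = ks.getCertificateChain(alias);
                X509Certificate leaf = (X509Certificate) chain[0];
                System.out.printf("key entry    %-20s subject=%s chainLength=%d%n",
                        alias, leaf.getSubjectX500Principal(), chain.length);
                // Each certificate must be signed by the next one in the chain;
                // this catches the common mistake of importing the chain out of order.
                for (int i = 0; i + 1 < chain.length; i++) {
                    X509Certificate child = (X509Certificate) chain[i];
                    X509Certificate issuer = (X509Certificate) chain[i + 1];
                    child.verify(issuer.getPublicKey()); // throws if the link is broken
                }
            } else if (ks.isCertificateEntry(alias)) {
                // Trusted certificate entry: no private key, so it can only be
                // used as a trust anchor, never as an identity.
                X509Certificate c = (X509Certificate) ks.getCertificate(alias);
                System.out.printf("trusted cert %-20s subject=%s notAfter=%s%n",
                        alias, c.getSubjectX500Principal(), c.getNotAfter());
            }
        }

        // KeyManagerFactory only picks up key entries (identities)...
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        System.out.println("identity key managers: " + kmf.getKeyManagers().length);

        // ...while TrustManagerFactory builds its trust anchors from the store.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate anchor : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    System.out.println("trust anchor " + anchor.getSubjectX500Principal());
                }
            }
        }
    }
}
```

The last loop prints what the trust manager actually accepts. The JDK trust manager also treats the leaf certificate of each key entry as a trust anchor, so a keystore that mixes identities and trusted certificates trusts more than its trusted certificate entries alone; keeping identity material and trust material in separate stores avoids that surprise.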

The user store contains security attributes of users, such as their passwords and certificates.

You can specify implementation classes for both the key store and the user store. Implementations receive initialization properties through the Map instance passed to their constructors; this map contains the properties stored in the WSO2 SOA Enablement Server configuration file. Use the ProvidersManager GUI tool to configure them. See Configuring LDAP in SSJ for instructions.

The following properties can be set to affect provider implementations:

This WSO2 SOA Enablement Server distribution comes with a default provider for the protected store. This implementation is responsible for initializing its user store and key store parts. Only one key store implementation ships, and it is the default. It reads its data from the configuration file named by the pstore.source.config.file system property (set on the Java command line as -Dpstore.source.config.file=<file>); if this property is not set, the WSO2 SOA Enablement Server configuration file is used as the source file for the key store.

The default user store implementation, com.idoox.security.pstore.UserStoreImpl, behaves the same way as the key store: it looks for the pstore.source.config.file system property first and, if it is not set, reads user store data from the WSO2 SOA Enablement Server configuration file. Entries in the user store hold attributes identified by string names.

To set, get, or modify user attributes in the user store, a PropertySerializer must be configured for each property type. Additional property serializer classes can be added through the ProvidersManager; see the GUI Tool section of Providers Manager. Every user store implementation must support (de)serialization of the following attributes so that the WSO2 SOA Enablement Server security framework can function correctly:

Table 2. Attributes the UserStore Must Serialize

Attribute              Description
---------              -----------
Password               Stores password properties. Default implementation:
                       com.idoox.security.pstore.PasswordPropertySerializer.
X509CertificateChain   Converts between a byte array (DER encoding of the certificate
                       chain) and an X509CertificateChain. Default implementation:
                       com.idoox.security.pstore.X509certchainPropertySerializer.
X509Certificate        Converts between a byte array (DER encoding of the certificate)
                       and an X509Certificate. Default implementation:
                       com.idoox.security.pstore.X509certPropertySerializer.
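The X509Certificate and X509CertificateChain serializers in Table 2 convert between DER bytes and certificate objects. The following added example is my own code, not the WSO2 SOA Enablement Server PropertySerializer interface (whose signature this page does not show); it implements the same two conversions with the JDK's CertificateFactory and adds the checks a serializer should make when reading bytes back from a store: no trailing data after a single certificate, a non-empty chain, and, for a chain, that it is leaf-first with each certificate signed by the next. The input file path read in main is an assumption.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;

/** DER <-> X509Certificate / chain conversions with the checks a store-side serializer needs. */
public class DerCertSerializer {

    private static final CertificateFactory X509 = newFactory();

    private static CertificateFactory newFactory() {
        try {
            return CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            throw new IllegalStateException("no X.509 CertificateFactory", e);
        }
    }

    /** X509Certificate -> DER bytes, the form stored as a user attribute. */
    public static byte[] serialize(X509Certificate cert) throws CertificateException {
        return cert.getEncoded();
    }

    /** DER bytes -> X509Certificate; rejects trailing bytes after the certificate. */
    public static X509Certificate deserialize(byte[] der) throws CertificateException {
        ByteArrayInputStream in = new ByteArrayInputStream(der);
        X509Certificate cert = (X509Certificate) X509.generateCertificate(in);
        if (in.available() != 0) {
            throw new CertificateException("trailing bytes after certificate: " + in.available());
        }
        return cert;
    }

    /** Chain (leaf first) -> concatenated DER certificates. */
    public static byte[] serializeChain(X509Certificate[] chain) throws CertificateException, IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (X509Certificate c : chain) {
            out.write(c.getEncoded());
        }
        return out.toByteArray();
    }

    /** Concatenated DER -> chain, verifying order and that each certificate is signed by the next. */
    public static X509Certificate[] deserializeChain(byte[] der) throws GeneralSecurityException {
        Collection<? extends Certificate> parsed = X509.generateCertificates(new ByteArrayInputStream(der));
        if (parsed.isEmpty()) {
            throw new CertificateException("empty certificate chain");
        }
        X509Certificate[] chain = parsed.toArray(new X509Certificate[0]);
        for (int i = 0; i + 1 < chain.length; i++) {
            X509Certificate child = chain[i];
            X509Certificate issuer = chain[i + 1];
            if (!child.getIssuerX500Principal().equals(issuer.getSubjectX500Principal())) {
                throw new CertificateException("chain out of order at index " + i);
            }
            child.verify(issuer.getPublicKey()); // signature check; throws on failure
        }
        return chain;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: args[0] is a PEM or DER file holding a leaf-first certificate chain.
        X509Certificate[] chain;
        try (InputStream in = new FileInputStream(args[0])) {
            chain = X509.generateCertificates(in).toArray(new X509Certificate[0]);
        }
        byte[] der = serializeChain(chain);
        X509Certificate[] back = deserializeChain(der);
        if (back.length != chain.length) {
            throw new AssertionError("chain length changed in round trip");
        }
        for (int i = 0; i < chain.length; i++) {
            if (!Arrays.equals(serialize(chain[i]), serialize(deserialize(serialize(back[i]))))) {
                throw new AssertionError("certificate " + i + " changed in round trip");
            }
        }
        System.out.println("round-tripped " + chain.length + " certificate(s), " + der.length
                + " DER bytes, leaf=" + chain[0].getSubjectX500Principal());
    }
}
```

The chain check matters because a stored chain is later handed to SSL as an identity or used to establish trust: a chain that parses but is out of order or contains an unrelated certificate would fail, or worse silently succeed, only at handshake time.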