Secure installation is described in other chapters, but a ported WSO2 SOA Enablement Server has specific issues, which the following steps address:
Ensure that the JDK used by your environment fulfills the requirements in the Security section of the Release Notes.
The same classloader that loads classes from jaas.jar must also load classes from security-ng.jar. You can ensure this by adding WASP_HOME/lib/security-ng.jar to the classpath of your servlet container.
You may also copy security-ng.jar into the JAVA_HOME/jre/lib/ext directory, but if you do so, it will be in the classloader of every application that uses the affected JDK.
Ensure that login modules are accessible by setting the Java system property java.security.auth.login.config to point to WASP_HOME/conf/jaas.config.
You may add login modules configured in this file to the servlet container's JAAS configuration in other ways. For example, in the IBM WebSphere application server, add a line including WASP_HOME/conf/jaas.config to the WASP_HOME/java/jre/lib/security/java.security file.
Ensure that the WASP_HOME/conf/wasp.policy file is accessible to the deployed WSO2 SOA Enablement Server. If the servlet context parameter wasp.location is set, WSO2 SOA Enablement Server tries to find the file in WASP_HOME/conf/wasp.policy.
If you do not set the context parameter, make sure the file wasp.policy is in the conf subdirectory of your web application.
If security is used in the deployed WSO2 SOA Enablement Server, you must copy WASP_HOME/lib/security2-ng.jar into the WEB-INF/lib subdirectory of the WSO2 SOA Enablement Server web application.
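The steps above can be verified before the web application is started. The following preflight check is an added example, not part of the product or its documentation; the function name, its arguments and the ':'-separated classpath are assumptions, and the sample directory layout is constructed.

```shell
# Added example: preflight check for the steps above (not vendor code).
# Args (assumptions): $1 WASP_HOME, $2 web application directory,
# $3 container classpath (':'-separated), $4 JVM options,
# $5 "yes" if the wasp.location context parameter is set.
check_wasp_deploy() {
    wasp_home=$1; webapp=$2; cp=$3; jvm_opts=$4; loc_set=$5; fail=0

    # security-ng.jar must share a classloader with jaas.jar
    case ":$cp:" in
        *":$wasp_home/lib/security-ng.jar:"*) ;;
        *) echo "FAIL: security-ng.jar not on the container classpath"; fail=1 ;;
    esac
    # A copy in the JDK extension directory reaches every application on that JDK
    if [ -n "${JAVA_HOME:-}" ] && [ -f "$JAVA_HOME/jre/lib/ext/security-ng.jar" ]; then
        echo "WARN: security-ng.jar in jre/lib/ext is visible to all applications"
    fi

    # Login modules: the property is one way; the page allows others, so only warn
    case " $jvm_opts " in
        *" -Djava.security.auth.login.config=$wasp_home/conf/jaas.config "*) ;;
        *) echo "WARN: java.security.auth.login.config not set in JVM options" ;;
    esac
    [ -r "$wasp_home/conf/jaas.config" ] || { echo "FAIL: jaas.config unreadable"; fail=1; }

    # wasp.policy is looked up under WASP_HOME only when wasp.location is set
    if [ "$loc_set" = yes ]; then policy=$wasp_home/conf/wasp.policy
    else policy=$webapp/conf/wasp.policy; fi
    [ -r "$policy" ] || { echo "FAIL: $policy unreadable"; fail=1; }

    # security2-ng.jar belongs inside the web application when security is used
    [ -f "$webapp/WEB-INF/lib/security2-ng.jar" ] ||
        { echo "FAIL: WEB-INF/lib/security2-ng.jar missing"; fail=1; }
    return "$fail"
}

# Constructed layout for a stand-alone run (all paths are sample values)
demo=$(mktemp -d)
mkdir -p "$demo/wasp/conf" "$demo/wasp/lib" "$demo/app/WEB-INF/lib"
touch "$demo/wasp/conf/jaas.config" "$demo/wasp/conf/wasp.policy" \
      "$demo/wasp/lib/security-ng.jar" "$demo/app/WEB-INF/lib/security2-ng.jar"
check_wasp_deploy "$demo/wasp" "$demo/app" \
    "/opt/container/lib/servlet.jar:$demo/wasp/lib/security-ng.jar" \
    "-Djava.security.auth.login.config=$demo/wasp/conf/jaas.config" yes &&
    echo "OK: deployment layout matches the steps"
```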