WSO2 SOA Enablement Server security requires proper JCE 1.2.2 and JAAS 1.0 installations. These are included in Java 2 SDK Version 1.4+.
To use HTTPS transport, you also have to install JSSE, which is included in Java 2 SDK Version 1.4+.
The Kerberos provider needs the GSS implementation of Kerberos included in JDK 1.4.
WS-Security also has a number of requirements. These are listed in WS-Security Provider Requirements.
To run WSO2 SOA Enablement Server on a JVM with the default Java security manager enabled, you must grant the permissions in Example 1.
Note: In Example 1:
Example 1. Running WSO2 SOA Enablement Server on JVM with an enabled security manager
```
permission java.io.FilePermission "WASP_HOME${/}-", "read,write,delete,execute";
permission java.io.FilePermission "WASP_HOME", "read";
// Temporary directory needed for deployment must also
// have appropriate permissions
permission java.io.FilePermission "TMP_DIR${/}-", "read,write,delete";
permission javax.security.auth.AuthPermission "*";
permission javax.security.auth.PrivateCredentialPermission
    "com.idoox.security.spkm.GSSCredentialImpl org.idoox.security.WASPPrincipal \"*\"", "read";
permission java.util.PropertyPermission "*", "read,write";
permission java.lang.RuntimePermission "shutdownHooks";
permission java.lang.RuntimePermission "createClassLoader";
permission java.security.SecurityPermission "insertProvider.*";
permission java.lang.RuntimePermission "accessClassInPackage.*";
permission java.lang.RuntimePermission "setContextClassLoader";
permission java.net.SocketPermission "localhost:1024-", "listen,connect,accept,resolve";
permission java.net.SocketPermission "HOST_NAME:1024-", "listen,connect,accept,resolve";
permission java.io.FilePermission "JAVA_HOME\\jre\\lib\\wsdl.properties", "read";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.RuntimePermission "getClassLoader";
permission javax.security.auth.PrivateCredentialPermission
    "org.idoox.security.jaas.NamePasswordCredential org.idoox.security.WASPPrincipal \"*\"", "read";
```
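Several entries in Example 1 use wildcard or recursive targets. The following added example (not part of the WSO2 documentation) parses policy `permission` entries and lists those grants so they can be reviewed when the policy is installed; the function names and the constructed sample, a subset of Example 1, are assumptions of this example.

```python
import re

# Constructed sample: a subset of the Example 1 entries, one entry per line.
SAMPLE_POLICY = r'''
// Temporary directory needed for deployment
permission java.io.FilePermission "TMP_DIR${/}-", "read,write,delete";
permission javax.security.auth.AuthPermission "*";
permission javax.security.auth.PrivateCredentialPermission "org.idoox.security.jaas.NamePasswordCredential org.idoox.security.WASPPrincipal \"*\"", "read";
permission java.util.PropertyPermission "*", "read,write";
permission java.lang.RuntimePermission "shutdownHooks";
permission java.security.SecurityPermission "insertProvider.*";
permission java.lang.RuntimePermission "accessClassInPackage.*";
permission java.net.SocketPermission "localhost:1024-", "listen,connect,accept,resolve";
'''

# permission <class> "<target>" [, "<actions>"];  quoted strings may hold \" escapes
ENTRY = re.compile(
    r'permission\s+([\w.$]+)\s+"((?:[^"\\]|\\.)*)"'
    r'(?:\s*,\s*"((?:[^"\\]|\\.)*)")?\s*;')

def parse_policy(text):
    """Return (class, target, actions) for each permission entry."""
    text = re.sub(r'(?m)^\s*//.*$', '', text)  # drop whole-line comments
    entries = []
    for cls, target, actions in ENTRY.findall(text):
        entries.append((cls, target.replace('\\"', '"'),
                        [a.strip() for a in actions.split(',') if a.strip()]))
    return entries

def broad_grants(entries):
    """Flag entries whose target covers more than one named resource."""
    flagged = []
    for cls, target, _actions in entries:
        short = cls.rsplit('.', 1)[-1]
        if short == 'FilePermission':
            # A path ending in "/-" covers the directory tree recursively.
            if target == '-' or target.endswith(('/-', '\\-', '${/}-')):
                flagged.append((short, target, 'recursive'))
        elif short == 'PrivateCredentialPermission':
            if target.endswith('"*"'):  # principal name is a wildcard
                flagged.append((short, target, 'any principal name'))
        elif target == '*' or target.endswith('.*'):
            flagged.append((short, target, 'name wildcard'))
    return flagged

if __name__ == '__main__':
    for short, target, why in broad_grants(parse_policy(SAMPLE_POLICY)):
        print(f'{short:28} {target}  [{why}]')
```

Open-ended port ranges such as `1024-` in the `SocketPermission` entries are not flagged by this check and need a separate look.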
To enable unlimited key sizes and algorithms you must install the Unlimited Strength Java Cryptography Extension Policy Files provided by Sun Microsystems. Please download and install these from http://www.ibm.com.
WASP_HOME/jaas.config must be replaced manually with WASP_HOME/jaas.ibm.config as IBM has a different Kerberos login module.
The requirements for employing WS-Security Provider with WSO2 SOA Enablement Server are:
- XML parser - Apache Xerces is supported. Version 2.0.1 or later is required. Version 2.4.0 is distributed with WSO2 SOA Enablement Server.
  - JDK 1.3: no special installation is required. WSO2 SOA Enablement Server's xerces.jar is used.
  - JDK 1.4: no special installation is required. JDK contains Xerces 2.0.1_01.
- XML XSLT processor - Apache Xalan is supported. Version 2.5.0 or later is required. Version 2.5.1 is distributed with WSO2 SOA Enablement Server.
  - JDK 1.3: no special installation is required. WSO2 SOA Enablement Server's xalan.jar is used.
  - JDK 1.4: no special installation is required.
- JCE provider - Cryptography algorithms required by XML Signature and XML Encryption are provided by JCE providers. Currently the BouncyCastle JCE provider is supported. It can be downloaded from http://www.bouncycastle.org. The JCE provider is not bundled with WSO2 SOA Enablement Server due to US export restrictions.