Security Tools

Security Tools Overview

The WSO2 SOA Enablement Server distribution contains several tools for managing security providers, key store and user store data, and authorization files. These tools can be used either from the command line or through a GUI. Depending on how the administration services are protected, the tools may require authentication.

You must have the Security Tools component installed to use these tools.

Note

The security panel of the WSO2 SOA Enablement Server Administration Console may be used instead of these tools.

Providers Manager

The Providers Manager lets you configure authentication (security) providers, both locally using WSO2 SOA Enablement Server configuration files, and remotely using SOAP requests against WSO2 SOA Enablement Server administration services. We provide both command-line and GUI versions of this tool. For more information, see Providers Manager. You can also configure security providers using the WSO2 SOA Enablement Server administration console. For details, please see Security Preferences.

For example, the following command adds the 'HttpDigest' security provider as the accepting provider for the '/secure/HelloWorld' Web service endpoint:

ProvidersManager -t https://localhost:6443 -b /secure/HelloWorld -a HttpDigest
                       --username admin --password changeit

Authorization Policy

The Authorization Policy tool lets you modify the policy file used by the reference implementation of org.systinet.security.policy.UpdateablePolicy, using the graphical user interface. For more details see The AuthorizationPolicy - GUI Version. Assignment of administration permissions can be changed using the WSO2 SOA Enablement Server administration console as described in WSO2 SOA Enablement Server Administration Console.

Key Store and User Store Management

Use the following tools to generate identities, export and import data, assign properties to users, and list the contents of the key store and user store:

  • PStore Tool allows you to manage the key store and perform certificate/key related operations to simplify the setup of identities for SSL.

  • UserStoreTool manages the data stored in the user store, locally or remotely.

  • CertTool allows you to sign your certificates using our demo certification authority.

The key store and user store can also be managed using the WSO2 SOA Enablement Server administration console. For more details, see Security Panel under Administration Console in the Administrator's Guide.

The following are examples of the most useful commands. (It is assumed that you are in the WASP_HOME/bin directory.)

  • Create a new identity (private key and self-signed certificate) on the client side:

    PStoreTool new -alias test -keyPassword test -config ../conf/clientconf.xml

  • Create a new identity (private key and self-signed certificate) on the server side:

    PStoreTool newServer -alias t2 -keyPassword t2 -url http://localhost:6060
          -username admin -password changeit

  • Add a trusted certificate on the server side:

    PStoreTool add -url http://localhost:6060 -alias cn=tst -username admin
          -password changeit

  • Set the password property of the admin user (on the server side):

    UserStoreTool add -t http://localhost:6060 -a admin -p password -v apass
          --username admin --password changeit

  • List trusted certificates (on the server side):

    PStoreTool lsTrustedServer -url http://localhost:6060 -username admin
          -password apass
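
The commands above pass passwords as literal arguments, and several send administrator credentials to an http:// URL. The following Python check is an added example, not part of the WSO2 distribution or of the original page; it scans a script for those two patterns using only the tool names and flags shown here. The rule names, the sample text and the reading of "-p password -v" as "property name, then value" are assumptions of the example.

```python
import re
import shlex

# Tool names and flags are those shown on this page; rule names are this example's own.
TOOLS = {"PStoreTool", "UserStoreTool", "ProvidersManager"}
SECRET_FLAGS = {"-password", "--password", "-keyPassword"}
URL_FLAGS = {"-url", "-t"}

# Constructed sample in the page's command style; one line uses a shell variable.
SAMPLE = """\
ProvidersManager -t https://localhost:6443 -b /secure/HelloWorld -a HttpDigest
      --username admin --password changeit
PStoreTool lsTrustedServer -url http://localhost:6060 -username admin
      -password "$ADMIN_PW"
UserStoreTool add -t http://localhost:6060 -a admin -p password -v apass
      --username admin --password changeit
"""

def join_wrapped(text):
    """Join a command with its continuation lines (trailing backslash, or the
    indented flag-first lines this page uses to wrap long commands)."""
    commands = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if commands and (commands[-1].endswith("\\") or re.match(r"\s+-", line)):
            commands[-1] = commands[-1].rstrip("\\").rstrip() + " " + line.strip()
        else:
            commands.append(line.strip())
    return commands

def audit(text):
    """Return sorted (tool, rule, flag) findings; secret values are never echoed."""
    findings = set()
    for command in join_wrapped(text):
        argv = shlex.split(command, comments=True)
        tool = argv[0].rsplit("/", 1)[-1] if argv else ""
        if tool not in TOOLS:
            continue
        pairs = list(zip(argv[1:], argv[2:]))
        for flag, value in pairs:
            literal = not value.startswith("$")  # shell variable, not a hard-coded value
            if flag in SECRET_FLAGS and literal:
                findings.add((tool, "inline-secret", flag))
            elif flag in URL_FLAGS and value.lower().startswith("http://"):
                findings.add((tool, "cleartext-admin-url", flag))
            elif flag == "-v" and ("-p", "password") in pairs and literal:
                # Assumed reading of the page: -p names the property, -v is its value.
                findings.add((tool, "inline-secret", flag))
    return sorted(findings)
```

A shell variable keeps the value out of the script and the shell history, but it still reaches the tool as a process argument.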