Installation of WSO2 SOA Enablement Server security is designed for simplicity. The WSO2 SOA Enablement Server Server Installer asks if the user wants to install security. If the answer is "yes," all default options are installed automatically.
You can delete unwanted components and customize security after installation by using the security tools.
Note that security tasks invariably slow down your application every time you add extra security functions. We recommend that you take time to analyze your application security requirements and select only the WSO2 SOA Enablement Server solutions that are necessary.
Please check the system requirements for security first. See Security for details.
We recommend that you change the "admin" user's password (preset to "changeit") before the first start of WSO2 SOA Enablement Server for Java. The password is saved in UserStore, stored in the file WASP_HOME/conf/pstore.xml. There are two ways to change the password before starting WSO2 SOA Enablement Server:
To use the command-line version of the UserStoreTool utility to change the password to NEWPASSWORD, follow these instructions:
Windows:
cd %WASP_HOME%\bin
%WASP_HOME%\binUserStoreTool --file %WASP_HOME%\conf\pstore.xml -a admin -p password -v NEWPASSWORD
UNIX:
cd $WASP_HOME/bin
$WASP_HOME/bin./UserStoreTool --file $WASP_HOME/conf/pstore.xml -a admin -p password -v NEWPASSWORD
To perform the same task using the GUI version of PStoreTool, follow these instructions:
Open the file WASP_HOME/conf/pstore.xml.
Select the User Store tab.
Select user admin.
Select the property password.
Type the new password and press the button labeled Apply Changes.
If WSO2 SOA Enablement Server is running, you can change the password using UserStoreTool or PStoreTool but you must connect to the WSO2 SOA Enablement Server instead of accessing the pstore.xml file. For more information please see: PStoreTool or UserStoreTool.
The password can be also changed using the Security Panel of the Admin Console when WSO2 SOA Enablement Server is running.