The WSO2 SOA Enablement Server ProvidersManager tool manages security provider settings. It is located in the bin subdirectory of the WSO2 SOA Enablement Server distribution.
Using this tool, provider settings can be changed either directly in a configuration file (clientconf.xml or serverconf.xml) or remotely via SOAP on any running WSO2 SOA Enablement Server. Usage of the tool differs only minimally between the two cases.
There are two types of provider settings: each provider can be defined globally for the whole server or "locally" per endpoint. Please see Security Configuration in Web Services Security for further details.
The general usage is:
ProvidersManager [-t target_server ] --file config_file ... [-b endpoint_name ] [option...]
Target Specification
-t target_server
WSO2 SOA Enablement Server to be configured.
--file configuration_file
Local WSO2 SOA Enablement Server configuration file, containing client or server configuration to be updated.
-b endpoint_name
Name of service endpoint (such as /HelloService/).
Options
--add provider_name
Add new provider to configuration.
-c provider_class
Class with provider implementation.
--rem provider_name
Remove provider from configuration.
-i provider_name
Set provider as initiating.
--no-initiating
Unset initiating provider.
-a provider_name
Add accepting provider.
--ra provider_name
Remove provider from accepting providers.
--list
List providers settings.
--az-on
Turn on authorization for specified endpoint.
--az-off
Turn off authorization for specified endpoint.
--iadd
Add identity association to endpoint.
--irem
Remove identity association from endpoint.
-p
Provider name to be used in identity association.
--iname identity_name
Identity name to be used in identity association.
--ipass password
Password to be used in identity association.
--get
The GET HTTP transport method will be used. This applies only when manipulating an endpoint, and is needed when customizing security settings on services that use the GET transport method.
--username user
Username to be used during the authentication process. Not required when working with a local file or an unsecured WSO2 SOA Enablement Server. The user is prompted if it is required and not set.
--password pass
Password to be used during the authentication process. Not required when working with a local file or an unsecured WSO2 SOA Enablement Server. The user is prompted if it is required and not set.
--secprovider provider
Security provider to be used during the authentication process. Not required when working with a local file or an unsecured WSO2 SOA Enablement Server. The server is contacted to obtain the required provider if it is not set by the user.
--gui
GUI version of this tool.
--help
Prints help screen.
--version
Prints version.
To add a new security provider, specify the name and class name of the provider, using these parameters:
[--add provider_name -c provider_class]*
For example:
ProvidersManager -t http://localhost:6060 --add MySSLProvider -c org.ssl.MySSLProvider
To remove a security provider from the server, specify the name of the security provider and the URL of the server. You have the following options:
[--rem provider_name]*
--rem
remove provider from config
ProvidersManager -t http://localhost:6060 --rem MySSLProvider
To set or unset an initiating provider, specify the name of the security provider. To perform this task per endpoint, also specify the endpoint name. Use the following parameters:
[-b endpoint_name] [-i provider_name] [--no-initiating] [--get]
-b
endpoint name
-i
setting of initiating provider
--no-initiating
unset initiating provider
--get
using GET transport method (POST is used by default)
The following command sets MySSLProvider as the initiating provider:
ProvidersManager -t http://localhost:6060 -i MySSLProvider
Security providers can also be added to or removed from the accepting providers. To do this, specify the provider name and, optionally, the endpoint name, with the following parameters:
[-b endpoint_name] [-a provider_name] [--ra provider_name] [--get]
-b
endpoint name
-a
add provider to accepting providers
--ra
remove provider from accepting providers
--get
use GET transport method (POST is used by default)
Below are two examples of performing this task:
ProvidersManager -t http://localhost:6060 -a MySSLProvider
ProvidersManager -t http://localhost:6060 --ra MySSLProvider
Use the --az-on and --az-off options to toggle endpoint authorization on/off as shown below.
ProvidersManager -t http://localhost:6060 -b /mgmt/DeployService --az-off
Using ProvidersManager, you can manage identity associations for every endpoint either locally or remotely as follows:
[-b endpoint_name] [--iadd|--irem]+ -p provider_name --iname identity_name --ipass password [--get]
--iadd
add identity association
--irem
remove identity association
-p
provider name
--iname
identity name
--ipass
identity password
--get
use GET transport method (POST is used by default)
Below are two examples of managing endpoint identity associations:
ProvidersManager -t http://localhost:6060 -b /mgmt/DeployService --iadd -p HttpDigest --iname wasp_global --ipass password
ProvidersManager -t http://localhost:6060 -b /mgmt/DeployService --irem -p HttpDigest --iname wasp_global --ipass password
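The following check is an added example, not part of the WSO2 documentation: a POSIX shell function that scans admin scripts or shell history for ProvidersManager calls that pass a password as an argument (--password, --ipass) or switch endpoint authorization off (--az-off). The function names, finding labels and sample lines are constructed for illustration; only options documented on this page are used.

```shell
#!/bin/sh
# Added example: review ProvidersManager invocations in admin scripts or history.
# Finding labels and sample lines are constructed; only flags from this page are used.

# audit_pm: read command lines on stdin, print "<line>:<finding>:<detail>".
audit_pm() {
  awk '
    /^[ \t]*#/ { next }                       # skip comment lines
    {
      pm = 0; ep = "(no -b given)"
      for (i = 1; i <= NF; i++) {
        if ($i ~ /ProvidersManager$/) pm = 1  # bare name or path to the tool
        if ($i == "-b") ep = $(i + 1)         # endpoint the call applies to
      }
      if (!pm) next
      for (i = 1; i <= NF; i++) {
        # Passwords passed as arguments end up in shell history and process
        # listings; without --password the tool prompts for it when required.
        if ($i == "--password" || $i == "--ipass") print NR ":cmdline-secret:" $i
        # Authorization switched off on an endpoint deserves a second look.
        if ($i == "--az-off") print NR ":authz-off:" ep
      }
    }'
}

# Constructed sample input (not real history).
sample_lines() {
  cat <<'EOF'
# nightly provider maintenance
ProvidersManager -t http://localhost:6060 -b /mgmt/DeployService --list
ProvidersManager -t http://localhost:6060 --username admin --password changeit --add MySSLProvider -c org.ssl.MySSLProvider
bin/ProvidersManager -t http://localhost:6060 -b /mgmt/DeployService --az-off
ProvidersManager --file serverconf.xml -b /HelloService/ --iadd -p HttpDigest --iname wasp_global --ipass password
echo "--az-off is only mentioned here"
EOF
}

sample_lines | audit_pm
```

Feed it a real file with `audit_pm < script.sh`; lines that merely mention an option without invoking the tool are not reported.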
Use the --list option to retrieve the current settings. Again, to view the settings for a single endpoint, specify the endpoint name. A sample retrieval of settings is shown below:
ProvidersManager -t http://localhost:6060 -b /mgmt/DeployService --list
There is also a GUI version of the ProvidersManager, which is opened when the --gui option is used with the ProvidersManager command.