Comment: Migrated to Confluence 5.3

...

  1. Shut down the server if it is already running.
  2. Create a text file named "password" in <PRODUCT_HOME>.
  3. Enter your primary keystore password on the first line of the text file and save it.
  4. Start the Carbon server in daemon mode with the command sh wso2server.sh -start.
  5. By default, the password provider assumes that the private key password and the keystore password are the same. If they differ, enter the private key password on the second line of the file.

    Important: If the Carbon server is deployed in another application server (e.g. WebLogic), or the key password of the HTTPS transport (the password in mgt-transports.xml, or catalina-server.xml depending on the release) is not secured, the text file must be named 'password-tmp', not 'password'.

    Note: At every restart, the admin has to create the text file again.

...

Write a secret callback class. You need to implement the SecretCallbackHandler interface or extend the AbstractSecretCallbackHandler abstract class. For example,

Java

package org.wso2.securevault.secret.handler;

import org.wso2.securevault.secret.AbstractSecretCallbackHandler;
import org.wso2.securevault.secret.SingleSecretCallback;

// Minimal handler: every secret requested by Secure Vault is answered with the same value.
public class HardCodedSecretCallbackHandler extends AbstractSecretCallbackHandler {

    protected void handleSingleSecretCallback(SingleSecretCallback singleSecretCallback) {
        singleSecretCallback.setSecret("password");
    }
}

A single handler can serve multiple secrets by switching on the alias (the callback ID) that Secure Vault passes in, as follows:

Java

package org.wso2.securevault.secret.handler;

import org.wso2.securevault.secret.AbstractSecretCallbackHandler;
import org.wso2.securevault.secret.SingleSecretCallback;

// The callback ID is the secretAlias configured for the protected property; a handler
// that does not recognise the alias leaves the secret unset.
public class HardCodedSecretCallbackHandler extends AbstractSecretCallbackHandler {

    protected void handleSingleSecretCallback(SingleSecretCallback singleSecretCallback) {
        if ("foo".equals(singleSecretCallback.getId())) {
            singleSecretCallback.setSecret("foo_password");
        } else if ("bar".equals(singleSecretCallback.getId())) {
            singleSecretCallback.setSecret("bar_password");
        }
    }
}

Package the class as a jar or an OSGi bundle. Copy the jar file to the <PRODUCT_HOME>/repository/component/lib directory, or the OSGi bundle to <PRODUCT_HOME>/repository/component/dropins. Then configure the user-mgt.xml file with the alias name and your secret callback handler class name. For example,

XML

<UserManager xmlns:svns="http://org.wso2.securevault/configuration">
    <svns:SecureVault provider="org.wso2.securevault.secret.handler.HardCodedSecretCallbackHandler"/>
    <Realm>
    <Configuration>
       <AdminRole>admin</AdminRole>
       <AdminUser>
           <UserName>admin</UserName>
           <Password>admin</Password>
       </AdminUser>
       <EveryOneRoleName>everyone</EveryOneRoleName>
       <Property name="url">jdbc:h2:repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE</Property>
       <Property name="userName">wso2carbon</Property>
       <Property name="password" svns:secretAlias="UserManager.Configuration.Property.password">password</Property>
       <Property name="driverName">org.h2.Driver</Property>
       <Property name="maxActive">50</Property>
       <Property name="maxWait">60000</Property>
       <Property name="minIdle">5</Property>
    </Configuration>

...

The following alias names identify the secrets in the Carbon configuration files that Secure Vault supports.

transports.https.keystorePass -> SSL key and keystore password in mgt-transports.xml (catalina-server.xml depending on the release)
Carbon.Security.KeyStore.Password -> Keystore password of the Carbon server in carbon.xml
Carbon.Security.KeyStore.KeyPassword -> Private key password of the Carbon server in carbon.xml
Carbon.Security.TrustStore.Password -> Trust store password of the Carbon server in carbon.xml
UserManager.AdminUser.Password -> Admin user password in user-mgt.xml
UserManager.Configuration.Property.password -> User Manager database connection password in user-mgt.xml
UserStoreManager.Property.ConnectionPassword -> User store connection password in user-mgt.xml
wso2registry.[Registry Name].password -> Registry database connection password in registry.xml
Axis2.Https.Listener.TrustStore.Password -> NIO Listener SSL trust store password in axis2.xml
Axis2.Https.Listener.KeyStore.Password -> NIO Listener SSL keystore password in axis2.xml
Axis2.Https.Listener.KeyStore.KeyPassword -> NIO Listener SSL key password in axis2.xml
Axis2.Https.Sender.TrustStore.Password -> NIO Sender SSL trust store password in axis2.xml
Axis2.Https.Sender.KeyStore.Password -> NIO Sender SSL keystore password in axis2.xml
Axis2.Https.Sender.KeyStore.KeyPassword -> NIO Sender SSL key password in axis2.xml
Axis2.Mailto.Parameter.Password -> Email sender password in axis2.xml
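The hard-coded handlers above put the secrets themselves into a class file on disk, which only moves the problem from user-mgt.xml to the jar. The following handler, an added example that is not part of the WSO2 documentation or the Secure Vault code base, resolves each alias from the list above to an environment variable instead, so no secret is compiled in. It relies only on the API shown on this page (AbstractSecretCallbackHandler, SingleSecretCallback.getId() and setSecret()); the class name EnvironmentSecretCallbackHandler, the SECRET_ variable-naming scheme and the lookup constructor are this example's own assumptions.

```java
package org.wso2.securevault.secret.handler;

import java.util.function.Function;

import org.wso2.securevault.secret.AbstractSecretCallbackHandler;
import org.wso2.securevault.secret.SingleSecretCallback;

// Added example (not WSO2 code): answers Secure Vault callbacks from environment
// variables derived from the alias, e.g.
//   UserManager.Configuration.Property.password
//     -> SECRET_USERMANAGER_CONFIGURATION_PROPERTY_PASSWORD
public class EnvironmentSecretCallbackHandler extends AbstractSecretCallbackHandler {

    private final Function<String, String> lookup;

    // Used by Secure Vault: read the real process environment.
    public EnvironmentSecretCallbackHandler() {
        this(System::getenv);
    }

    // Package-private constructor so the alias mapping can be exercised with a
    // fake environment in a unit test (assumed helper, not part of the API).
    EnvironmentSecretCallbackHandler(Function<String, String> lookup) {
        this.lookup = lookup;
    }

    // Map an alias such as "wso2registry.[Registry Name].password" to a legal
    // environment-variable name: non-alphanumerics become '_', then upper-case.
    static String envNameFor(String alias) {
        return "SECRET_" + alias.replaceAll("[^A-Za-z0-9]", "_").toUpperCase();
    }

    @Override
    protected void handleSingleSecretCallback(SingleSecretCallback callback) {
        String alias = callback.getId();
        String envName = envNameFor(alias);
        String secret = lookup.apply(envName);
        if (secret == null || secret.isEmpty()) {
            // Fail closed: an unresolved secret should stop start-up rather than
            // let the server fall back to the placeholder value in the config file.
            throw new IllegalStateException("No secret found for alias '" + alias
                    + "' (expected environment variable " + envName + ")");
        }
        callback.setSecret(secret);
    }
}
```

Register it in user-mgt.xml exactly as shown for HardCodedSecretCallbackHandler, using provider="org.wso2.securevault.secret.handler.EnvironmentSecretCallbackHandler", and export the corresponding SECRET_ variables in the environment of the user that starts wso2server.sh. Unlike the 'password' file in <PRODUCT_HOME>, the variables do not have to be recreated at every restart, but they are visible to any process running as that user, so the account that runs the server should be dedicated to it.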