This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Server Profiles and Sample Security Policy
Server profiles can be used to manage deployment information for the Maven deploy plugin. The profiles define the name and server URL of the deployment environment where the project needs to be deployed. A profile needs to be defined for each deployment environment with the following parameters:
Tag | Description |
---|---|
<id> | The unique id used for the profile |
<name> | The name of the parameter passed when deploying the project with Maven from the command line (environment in the example below) |
<value> | The value passed with -Denvironment when deploying from the command line. This value defines the server the project needs to be deployed on. |
<trustStorePath> | The path to the wso2carbon.jks keystore |
<trustStorePassword> | The password for the keystore |
<serverUrl> | URL of the server where the project will be deployed |
<username> | Server username |
<password> | Server password |
To define server profiles, you must edit the project pom.xml file and insert the profile as follows:
    <?xml version="1.0"?>
    <profiles>
      <profile>
        <id>devdefault</id>
        <activation>
          <property>
            <name>environment</name>
            <value>Dev</value>
          </property>
        </activation>
        <build>
          <plugins>
            <plugin>
              <groupId>org.wso2.maven</groupId>
              <artifactId>maven-car-deploy-plugin</artifactId>
              <version>1.0.0</version>
              <extensions>true</extensions>
              <configuration>
                <carbonServers>
                  <CarbonServer>
                    <trustStorePath>/devesb_home/repository/resources/security/wso2carbon.jks</trustStorePath>
                    <trustStorePassword>wso2carbon</trustStorePassword>
                    <trustStoreType>JKS</trustStoreType>
                    <serverUrl>https://esb_ip_address:port</serverUrl>
                    <username>admin</username>
                    <password>xxxxx</password>
                    <operation>deploy</operation>
                  </CarbonServer>
                </carbonServers>
              </configuration>
            </plugin>
          </plugins>
        </build>
      </profile>
      ...
    </profiles>
To deploy, use the following commands:
    mvn deploy -Denvironment=Dev    # For Dev ESB
    mvn deploy -Denvironment=QA     # For QA ESB
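The profile above keeps the server password and the keystore password in pom.xml, which normally ends up in version control. As an added example (not part of the WSO2 documentation or the plugin), the following check can run before a deploy to flag CarbonServer blocks that carry literal secrets, the wso2carbon keystore password, or a non-HTTPS serverUrl. It assumes secrets are meant to be supplied as Maven ${...} properties; the property names and the QA host in the sample are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

PLACEHOLDER = re.compile(r"^\$\{[^}]+\}$")  # Maven property reference such as ${carbon.password}
DEFAULT_STORE_PASSWORD = "wso2carbon"       # trustStorePassword value in the page's sample profile

# Constructed sample: the page's Dev profile (trimmed) and a hypothetical QA profile
# whose secrets are Maven properties (property names and QA host are assumptions).
SAMPLE_POM = """<profiles>
 <profile><id>devdefault</id><build><plugins><plugin><configuration><carbonServers>
  <CarbonServer>
   <trustStorePassword>wso2carbon</trustStorePassword>
   <serverUrl>https://esb_ip_address:port</serverUrl>
   <username>admin</username><password>xxxxx</password>
  </CarbonServer>
 </carbonServers></configuration></plugin></plugins></build></profile>
 <profile><id>qa</id><build><plugins><plugin><configuration><carbonServers>
  <CarbonServer>
   <trustStorePassword>${carbon.truststore.password}</trustStorePassword>
   <serverUrl>https://qa-esb.example.internal:9443</serverUrl>
   <username>${carbon.username}</username><password>${carbon.password}</password>
  </CarbonServer>
 </carbonServers></configuration></plugin></plugins></build></profile>
</profiles>"""

def local(tag):
    """Drop any XML namespace so a full pom.xml (POM 4.0.0 namespace) also matches."""
    return tag.rsplit("}", 1)[-1]

def audit_profiles(pom_text):
    """Return (profile id, element, finding) tuples for every CarbonServer block."""
    findings = []
    for profile in (e for e in ET.fromstring(pom_text).iter() if local(e.tag) == "profile"):
        pid = next((c.text for c in profile if local(c.tag) == "id"), "?")
        for server in (e for e in profile.iter() if local(e.tag) == "CarbonServer"):
            cfg = {local(c.tag): (c.text or "").strip() for c in server}
            for key in ("password", "trustStorePassword"):
                if cfg.get(key) and not PLACEHOLDER.match(cfg[key]):
                    findings.append((pid, key, "literal secret in pom.xml"))
            if cfg.get("trustStorePassword") == DEFAULT_STORE_PASSWORD:
                findings.append((pid, "trustStorePassword", "default keystore password"))
            url = cfg.get("serverUrl", "")
            if not PLACEHOLDER.match(url) and not url.lower().startswith("https://"):
                findings.append((pid, "serverUrl", "not an https:// URL"))
    return findings

if __name__ == "__main__":
    for pid, element, finding in audit_profiles(SAMPLE_POM):
        print(f"{pid}: <{element}> {finding}")
```

With the hypothetical property names used here, the values would be supplied at deploy time, for example as -Dcarbon.password=... on the mvn command line or from a settings.xml that is kept out of the repository.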
Sample Security Policy:
    <wsp:Policy wsu:Id="SigOnly"
                xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
                xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <wsp:ExactlyOne>
        <wsp:All>
          <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
              <sp:InitiatorToken>
                <wsp:Policy>
                  <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                    <wsp:Policy>
                      <sp:RequireThumbprintReference/>
                      <sp:WssX509V3Token10/>
                    </wsp:Policy>
                  </sp:X509Token>
                </wsp:Policy>
              </sp:InitiatorToken>
              <sp:RecipientToken>
                <wsp:Policy>
                  <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                    <wsp:Policy>
                      <sp:RequireThumbprintReference/>
                      <sp:WssX509V3Token10/>
                    </wsp:Policy>
                  </sp:X509Token>
                </wsp:Policy>
              </sp:RecipientToken>
              <sp:AlgorithmSuite xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                  <sp:Basic256/>
                </wsp:Policy>
              </sp:AlgorithmSuite>
              <sp:Layout>
                <wsp:Policy>
                  <sp:Strict/>
                </wsp:Policy>
              </sp:Layout>
              <sp:IncludeTimestamp/>
              <sp:OnlySignEntireHeadersAndBody/>
            </wsp:Policy>
          </sp:AsymmetricBinding>
          <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <sp:Policy>
              <sp:MustSupportRefKeyIdentifier/>
              <sp:MustSupportRefIssuerSerial/>
            </sp:Policy>
          </sp:Wss10>
          <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <sp:Body/>
          </sp:SignedParts>
        </wsp:All>
      </wsp:ExactlyOne>
      <rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy">
        <rampart:user>wso2carbon</rampart:user>
        <rampart:encryptionUser>useReqSigCert</rampart:encryptionUser>
        <rampart:timestampPrecisionInMilliseconds>true</rampart:timestampPrecisionInMilliseconds>
        <rampart:timestampTTL>300</rampart:timestampTTL>
        <rampart:timestampMaxSkew>300</rampart:timestampMaxSkew>
        <rampart:timestampStrict>false</rampart:timestampStrict>
        <rampart:tokenStoreClass>org.wso2.carbon.security.util.SecurityTokenStore</rampart:tokenStoreClass>
        <rampart:nonceLifeTime>300</rampart:nonceLifeTime>
        <rampart:encryptionCrypto>
          <rampart:crypto provider="org.wso2.carbon.security.util.ServerCrypto" cryptoKey="org.wso2.carbon.security.crypto.privatestore">
            <rampart:property name="org.wso2.carbon.security.crypto.alias">wso2carbon</rampart:property>
            <rampart:property name="org.wso2.carbon.security.crypto.privatestore">wso2carbon.jks</rampart:property>
            <rampart:property name="org.wso2.stratos.tenant.id">-1234</rampart:property>
            <rampart:property name="org.wso2.carbon.security.crypto.truststores">wso2carbon.jks,</rampart:property>
            <rampart:property name="rampart.config.user">wso2carbon</rampart:property>
          </rampart:crypto>
        </rampart:encryptionCrypto>
        <rampart:signatureCrypto>
          <rampart:crypto provider="org.wso2.carbon.security.util.ServerCrypto" cryptoKey="org.wso2.carbon.security.crypto.privatestore">
            <rampart:property name="org.wso2.carbon.security.crypto.alias">wso2carbon</rampart:property>
            <rampart:property name="org.wso2.carbon.security.crypto.privatestore">wso2carbon.jks</rampart:property>
            <rampart:property name="org.wso2.stratos.tenant.id">-1234</rampart:property>
            <rampart:property name="org.wso2.carbon.security.crypto.truststores">wso2carbon.jks,</rampart:property>
            <rampart:property name="rampart.config.user">wso2carbon</rampart:property>
          </rampart:crypto>
        </rampart:signatureCrypto>
      </rampart:RampartConfig>
    </wsp:Policy>