This is the latest release in the 6.x.x family. For EI 7.0.0, click here.

All docs This doc

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Configuring Transport-Level Security

The transport level security protocol of the Tomcat server is configured in the catalina-server.xml file. Note that the ssLprotocol attribute is set to "TLS" by default. 

Using Asymmetric Encryption

WSO2 servers use asymmetric encryption by default for the purposes of authentication and data encryption. In asymmetric encryption, keystores (with key pairs and certificates) are created and stored for the product. It is possible to have multiple keystores so that the keys used for different use cases are kept unique.

Using Symmetric Encryption

You also have the option of switching to symmetric encryption for the EI profile. Using symmetric encryption means that a single key will be shared for encryption and decryption of information. 

Enabling Java Security Manager

The Java Security Manager is used to define various security policies that prevent untrusted code from manipulating your system.  Enabling the Java Security Manager for WSO2 products activates the Java permissions that are in the sec.policy file. You modify this file to change the Java security permissions as required.

Securing Passwords in Configuration Files

All WSO2 servers contain some configuration files with sensitive information such as passwords. Let's take a look at how such plain text passwords in configuration files can be secured using the Secure Vault implementation that is built into each server.

The following topics will be covered under this section:

When you use the ESB profile of WSO2 EI, it is also possible to encrypt passwords and other sensitive information in synapse configurations. See Working with Passwords in the ESB Profile for instructions.

Resolving Hostname Verification

Hostname verification is enabled in WSO2 servers by default, which means that when a hostname is being accessed by a particular client, it will be verified against the hostname specified in the product's SSL certificate.

Configuring custom headers to responses in tomcat server

Warning

This is available only as a WUM update an update(WUM or Updates 2.0) and is effective from 17th September 2021 (2021-09-17). For more information on updating WSO2 Enterprise Integrator, see Updating WSO2 Products or go to WSO2 Updates 2.0.


Navigate to the <EI_HOME>/conf/tomcat/web.xml file and add the sample code given below, according to your header requirement. The sample given below shows how to add the Referrer-Policy header.

Code Block
languagexml
<filter>
<filter-name>ReferrerPolicyFilter</filter-name>
<filter-class>org.wso2.carbon.tomcat.ext.filter.ResponseHeaderSetFilter</filter-class>
<init-param>
<param-name>headers</param-name>
<param-value>Referrer-Policy:no-referrer</param-value>
</init-param>
</filter>

<filter-mapping>
<filter-name>ReferrerPolicyFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
Note

 To add multiple headers to the same filter-mapping, use following sample in the <init param> section as comma separated key value pairs.

Code Block
languagexml
<param-name>headers</param-name>
<param-value>header1Key:header1Value,header2Key:header2Value</param-value>

...