airavata-dev mailing list archives

From Hasini Gunasinghe <hasi7...@gmail.com>
Subject Informing about security related configuration applied on master
Date Wed, 08 Jul 2015 16:12:35 GMT
Hi all,

I just wanted to notify you about some of the security-related configuration
changes merged with Airavata master. Please let me know if you have any
objections.

1). The following two properties in airavata-server.properties control whether
OAuth token validation is performed upon method invocation and whether the
Airavata server is exposed over TLS, respectively.

   - api.secured
   - TLS.enabled

The default value for both of those parameters in the
airavata-server.properties shipped in the distribution is 'true' (i.e.,
token validation is performed upon method invocation and the Airavata
server is hosted only over TLS).

When you write unit tests or integration tests without security, you can set
the parameter values to 'false' and proceed as usual.

2). A default key store (airavata.jks) and trust store
(client_truststore.jks) are shipped with the distribution, located
in the airavata_home/bin directory. The password for both of them is 'airavata', and
the client_truststore.jks contains the public certificates of Airavata and
WSO2 IS. These are used in the SSL handshakes.
Production deployments should replace them with an organizational keystore and
trust store.
I will add this information to the documentation as well.

Thanks,
Hasini.
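
An added example, not part of the original message or of the Airavata code base: a pre-deployment check over airavata-server.properties text that flags the two switches named above when they are off or absent, plus any password property still holding the shipped default. The sample file and the key `example.keystore.password` are constructed for illustration, and matching on the substring "password" is a heuristic assumption.

```python
import re

# Property names and the default password come from the message above.
MUST_BE_TRUE = ("api.secured", "TLS.enabled")
SHIPPED_PASSWORD = "airavata"

_LINE = re.compile(r"([^=:\s]+)\s*[=:]?\s*(.*)")

def parse_properties(text):
    """Parse simple Java .properties text (no line continuations or escapes)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":   # blank line or comment
            continue
        m = _LINE.match(line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def audit(text):
    """Return (key, issue) pairs a production deployment should resolve."""
    props = parse_properties(text)
    findings = []
    for key in MUST_BE_TRUE:
        if key not in props:
            findings.append((key, "missing"))        # effective value unknown
        elif props[key].lower() != "true":
            findings.append((key, "disabled"))
    # Heuristic (assumption): any key containing "password" that still holds
    # the shipped keystore/trust store password.
    for key, value in props.items():
        if "password" in key.lower() and value == SHIPPED_PASSWORD:
            findings.append((key, "default-password"))
    return findings

# Constructed sample; "example.keystore.password" is a hypothetical key name.
SAMPLE = """\
# test profile accidentally promoted to production
api.secured=false
TLS.enabled = true
example.keystore.password=airavata
"""

if __name__ == "__main__":
    for key, issue in audit(SAMPLE):
        print(f"{issue:17} {key}")
```
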
