Disabling Security Features

Main.DisablingSecurityFeatures History

Hide minor edits - Show changes to output

October 06, 2011, at 12:46 PM by 128.143.137.203 -
Changed line 18 from:
!!'''Disabling Auth'''Z
to:
!!'''Disabling AuthZ'''
October 06, 2011, at 12:45 PM by 128.143.137.203 -
Changed lines 18-19 from:
!!Disabling AuthZ
to:
!!'''Disabling Auth'''Z
Changed lines 26-27 from:
!!Disabling Message-level Signing
to:
!!'''Disabling Message-level Signing'''
Changed lines 38-39 from:
!!Disabling SSL
to:
!!''Disabling SSL''
Changed line 47 from:
!!Enabling Message-level Encryption
to:
!!'''Enabling Message-level Encryption'''
October 06, 2011, at 12:44 PM by 128.143.137.203 -
Deleted line 13:
Deleted line 14:
October 06, 2011, at 12:43 PM by 128.143.137.203 -
Changed lines 26-27 from:
to:
----
Changed line 39 from:
to:
----
Changed line 48 from:
to:
----
October 06, 2011, at 12:43 PM by 128.143.137.203 -
Changed lines 20-21 from:
Disabling AuthZ
to:
!!Disabling AuthZ
Changed lines 28-29 from:
Disabling Message-level Signing
to:
!!Disabling Message-level Signing
Changed lines 40-41 from:
Disabling SSL
to:
!!Disabling SSL
Changed line 49 from:
Enabling Message-level Encryption
to:
!!Enabling Message-level Encryption
October 06, 2011, at 12:40 PM by 128.143.137.203 -
Added lines 1-55:
(:Title Disabling Security Features:)


There are four main security features associated with Genesis II:


* SSL
* Message-level Signing
* AuthZ
* Message-level Encryption


The first three are turned on by default while message-level encryption is turned off.

If you do not want any security information to be passed when running Genesis II, you will need to disable the features that are turned on. This wiki specifies how to make modifications to the relevant configuration files.

As of July 2008, these properties are found in the /deployments/<deployment-name>/configurations/security.properties file.


Disabling AuthZ

To disable AuthZ, in theserver-config.xml file, change the following property's value to false.

<mconf:property name="genii.security.authz.authz-enabled"
value="false"/>


Disabling Message-level Signing

To disable message-level signing, disable AuthZ as described above and also change the following property in the client-config.xml file to just WARN.

<mconf:property name="edu.virginia.vcgr.genii.client.security.message.min-config"
value="WARN"/>

To enable message-level signing, enable AuthZ as per the opposite of above and also change the following property in the client-config.xml file to SIGN|WARN.

<mconf:property name="edu.virginia.vcgr.genii.client.security.message.min-config"
value="SIGN|WARN"/>

Disabling SSL

To disable SSL, XML-comment-out the entire following section in the client-config.xml and server-config.xml files.

<genii:ssl-properties>

To bootstrap, you will also need to update the bootstrap.xml script. Make the changes specified in Changing Protocols: HTTP vs. HTTPS.


Enabling Message-level Encryption

To enable message-level encryption, make sure AuthZ is enabled and add ENCRYPT to the following property in the client-config.xml.

<mconf:property name="edu.virginia.vcgr.genii.client.security.message.min-config"
value="WARN|ENCRYPT"/>