Application Engine security includes user credentials protection and a configuration option for Secure Sockets Layer (SSL).
The Application Engine can send or receive encrypted user credentials to or from other applications, such as Application Integration. Encrypted credentials are passed between applications in the form of a user token.
The use of user tokens is dependent on the existence of a crypto keyfile. During the Application Engine installation, the administrator can specify how many keys are created in this crypto keyfile and whether the keys are limited strength (128-bit) or maximum strength (448-bit).
Workplace can be configured to accept and generate user tokens through the User Tokens settings in the Bootstrap site preferences.
You can configure SSL in the environment in one of two ways:
You configure SSL security during Application Engine setup. For instructions, see "Set Up Application Engine SSL Security" in the IBM FileNet P8 Platform Installation and Upgrade Guide.
NOTE For complete background on security, see IBM FileNet P8 Platform security.
When testing encryption of credentials tokens during your application development, you can run MakeCryptoKeys from a command line to manually generate one or more encryption keys. (You can display usage information by running the utility with no arguments.)
Specify the number of keys and the size (in bits) of the keys to be generated. We recommend that you keep the number of keys to the minimum that will satisfy your security requirements (the default is 3). The default key size is 128 bits. If you do not have the unlimited strength policy files, you should use keys of 128 bits. If you specify a size greater than 256 bits, the utility generates a warning and reduces the value to 256 bits.
Due to initialization processing, a delay of several seconds is not unusual when MakeCryptoKeys starts. The utility writes its output to standard output (System.out); redirect the output to a CryptoKeyFile.properties file. Edit the WcmApiConfig.properties file to add an entry specifying the full path to the key file.
The following command creates three 256-bit keys, and redirects the output to a file. This example assumes that your classpath is already set up to include the Content Java API JAR files.
java com.filenet.wcm.api.util.MakeCryptoKeys -n 3 -s 256 > CryptoKeyFile.properties
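A plain shell redirect creates CryptoKeyFile.properties with whatever permissions the current umask allows, so the keys may end up readable by other local accounts. The wrapper below is an added example, not part of the IBM documentation: it runs the same command under a restrictive umask, refuses to overwrite an existing key file, and checks the resulting mode. The names write_key_file, key_file_private and KEYGEN_CMD are assumptions introduced for this example.

```shell
#!/bin/sh
# Added example (not IBM code). KEYGEN_CMD is a hypothetical override hook;
# by default it is the MakeCryptoKeys command shown on this page.
KEYGEN_CMD=${KEYGEN_CMD:-"java com.filenet.wcm.api.util.MakeCryptoKeys"}

# write_key_file NUM_KEYS KEY_BITS OUT_FILE
# Returns 0 on success, 1 on bad arguments, 2 if OUT_FILE already exists,
# 3 if the generator failed or wrote nothing.
write_key_file() {
    num=$1; bits=$2; out=$3
    case "$num" in ''|*[!0-9]*) return 1 ;; esac
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ -n "$out" ] || return 1
    # Never silently replace a key file that is already in place.
    [ -e "$out" ] && return 2
    tmp="$out.tmp.$$"
    (
        umask 077    # the redirect target is created owner-only
        $KEYGEN_CMD -n "$num" -s "$bits" > "$tmp"
    ) || { rm -f "$tmp"; return 3; }
    # An empty file means no keys were written; do not install it.
    [ -s "$tmp" ] || { rm -f "$tmp"; return 3; }
    # Rename within the same directory so a partial file is never visible.
    chmod 600 "$tmp" && mv "$tmp" "$out"
}

# key_file_private FILE
# Returns 0 only if FILE is a regular file with no group or other
# permission bits set (characters 5-10 of the ls mode string).
key_file_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Usage, matching the command on this page:
#   write_key_file 3 256 /path/to/CryptoKeyFile.properties
#   key_file_private /path/to/CryptoKeyFile.properties || echo "fix permissions"
```

key_file_private can also be run on its own against an existing key file, for example the one referenced from WcmApiConfig.properties.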
To test, instantiate a Session object, specifying symmetric credentials protection for the credTag parameter of the method call, as shown below. You can specify either the string "Symmetric" or use the Session.SYMMETRIC constant.
Session sess = ObjectFactory.getSession("com.example.apps.MyTestApp", Session.SYMMETRIC, "tester", "testpswd");