Ravish Mody

Today, Murphy one of our subscriber asked us by commenting if we have any automated script which can change the password of the weblogic admin account for almost 50 weblogic domains because of some audit reasons they have. So seeing the requirement we took out sometime and wrote a WLST script which can do that job for Murphy and hope that this script would also help our other subscribers too.

The logic behind this WLST script is that we have created a property file called domainsDeatils.properties which has all the details about the domains which the password has to be changed. Now this properties file is been called from a WLST python script called ChangeAdminPassword.py which calls this properties and change the password.

Thus you just need to run the ChangeAdminPassword.py and your job would be done in no time

1. Below is the details which domainsDeatils.properties would have


domain.1.name=Domain_8001
domain.1.admin.url=t3://localhost:8001
domain.1.admin.username=weblogic
domain.1.admin.OLD.password=weblogic
domain.1.admin.NEW.password=jboss_123

domain.2.name=jms_7001
domain.2.admin.url=t3://localhost:7001
domain.2.admin.username=weblogic
domain.2.admin.OLD.password=weblogic
domain.2.admin.NEW.password=jboss_123

2. And below is the WLST python script ChangeAdminPassword.py which would call the above properties and will change the password.


from java.io import FileInputStream

propInputStream = FileInputStream("domainsDetails.properties")
configProps = Properties()
configProps.load(propInputStream)

domainName=configProps.get("domain.1.name")
adminUrl = configProps.get("domain.1.admin.url")
adminUser = configProps.get("domain.1.admin.username")
oldAdminPassword = configProps.get("domain.1.admin.OLD.password")
newAdminPassword = configProps.get("domain.1.admin.NEW.password")

print '################################################################'
print '        Chaning the Admin Password for :', domainName
print '################################################################'
print ' '
connect(adminUser,oldAdminPassword,adminUrl)
cd('/SecurityConfiguration/'+domainName+'/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator')
cmo.resetUserPassword(adminUser,newAdminPassword)
print '++++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++'
print '*******  Congrates!!! ', domainName , ' Admin Password Changed Successfully  ********'
print '++++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++'
print ' '
disconnect()
print ' '
print '####   Connecting Using New Credentials.....    ####'
print ' '
connect(adminUser,newAdminPassword,adminUrl)
print '####   Successfully Connected Using New Credentials !!!!    ####'
print ' '
disconnect()

domainName=configProps.get("domain.2.name")
adminUrl = configProps.get("domain.2.admin.url")
adminUser = configProps.get("domain.2.admin.username")
oldAdminPassword = configProps.get("domain.2.admin.OLD.password")
newAdminPassword = configProps.get("domain.2.admin.NEW.password")
print ' '
print '################################################################'
print '        Chaning the Admin Password for :', domainName
print '################################################################'
print ' '
connect(adminUser,oldAdminPassword,adminUrl)
cd('/SecurityConfiguration/'+domainName+'/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator')
cmo.resetUserPassword(adminUser,newAdminPassword)
print '++++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++'
print '*******  Congrates!!! ', domainName , ' Admin Password Changed Successfully  ********'
print '++++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++'
disconnect()
print ' '
print '####   Connecting Using New Credentials.....    ####'
print ' '
connect(adminUser,newAdminPassword,adminUrl)
print '####   Successfully Connected Using New Credentials !!!!    ####'
print ' '
disconnect()

Note: Make sure you keep both this files in the same folder when you are running the script or else you would have to give the path.

3 . Following would be the output as soon as you run the ChangeAdminPassword.py using the below command

Command:


java weblogic.WLST ChangeAdminPassword.py

Output:


Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

################################################################
 Chaning the Admin Password for : Domain_8001
################################################################

Connecting to t3://localhost:8001 with userid weblogic ...
Successfully connected to Admin Server 'AdminServer' that belongs to domain 'Domain_8001'.

Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.

++++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++
*******  Congrates!!!  Domain_8001  Admin Password Changed Successfully  ********
++++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++

Disconnected from weblogic server: AdminServer

####   Connecting Using New Credentials.....    ####

Connecting to t3://localhost:8001 with userid weblogic ...
Successfully connected to Admin Server 'AdminServer' that belongs to domain 'Domain_8001'.

Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.

####   Successfully Connected Using New Credentials !!!!    ####

Disconnected from weblogic server: AdminServer

################################################################
 Chaning the Admin Password for : jms_7001
################################################################

Connecting to t3://localhost:7001 with userid weblogic ...
Successfully connected to Admin Server 'AdminServer' that belongs to domain 'jms_7001'.

Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.

++++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++
*******  Congrates!!!  jms_7001  Admin Password Changed Successfully  ********
++++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++
Disconnected from weblogic server: AdminServer

####   Connecting Using New Credentials.....    ####

Connecting to t3://localhost:7001 with userid weblogic ...
Successfully connected to Admin Server 'AdminServer' that belongs to domain 'jms_7001'.

Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.

####   Successfully Connected Using New Credentials !!!!    ####

Disconnected from weblogic server: AdminServer

Advantages of this script:

  1. It can change any Users password , not only Admin user.
  2. This can be used with multiple domains.

So do let us know if this script made your life easy or not…

Regards,
Ravish Mody

If you enjoyed this post, please considerleaving a comment or subscribing to the RSS feed to have future articles delivered to your feed reader.