We have been getting a lot of questions about how to avoid putting the clear-text username and password in WLST scripts or in the properties file, to meet security requirements. Hence I thought of writing a new article on it so that it would be easier for others to get their answers. A month back I wrote the post Deploy Applications Using Encrypted Password With ANT — Security Alert, and I will use the same technique with WLST, where it works just fine.
I will use StoreUserConfig to create a user-configuration file, which contains an encrypted username and password, and an associated key file, which contains the secret key used to encrypt and decrypt the username and password in the user-configuration file. Once these files have been created, we can use them in any WLST script or properties file.
Steps to create the user configuration file and key file:
There are basically two ways to create the user-configuration file and the key file.
1. weblogic.Admin Command:
Option-1) Using the weblogic.Admin utility as follows:
java weblogic.Admin -url t3://localhost:7001 -username weblogic -password weblogic -userconfigfile C:\Security_Files_Dir\domain_A_userConfig.file -userkeyfile C:\Security_Files_Dir\domain_A_key.file STOREUSERCONFIG
2. WLST Commands:
Option-2) Now let's see how to create a user-configuration file and an associated key file by running storeUserConfig() in WLST with the following commands.
Step-1) Start WLST after running the setWLSEnv.sh script in the command prompt.
java weblogic.WLST
Step-2) Connecting to WebLogic Admin Server using WLST
connect('weblogic','weblogic','t3://localhost:7001')
Step-3) Storing the user config file.
storeUserConfig('/someDirectory/MyUserConfigFile','/someDirectory/MyUserKeyFile')
Here:
someDirectory = the path where you would like to create these files
MyUserConfigFile = the user-configuration file
MyUserKeyFile = the key file
Steps to use the user configuration file and key file in any WLST script
Now we can use these files in any WLST script or properties file, so let's look at them one by one.
1. WLST script:
Normally we give the clear-text username and password in the connect() command along with the URL, as shown below:
connect('weblogic','weblogic','t3://localhost:7001')
However, as we have created the user-configuration and key files, we now replace the above command with the one below:
connect(userConfigFile='/someDirectory/MyUserConfigFile',userKeyFile='/someDirectory/MyUserKeyFile',url='t3://localhost:7001')
Where:
userConfigFile = the path where the user-configuration file is kept.
userKeyFile = the path where the key file is kept.
url = the URL of the server you want to connect to.
2. Properties file
We all know the use of a properties file with WLST: it gives the added advantage of changing values in one simple file without touching the actual WLST script, which holds the business logic. Here are the changes that have to be made, shown as before and after.
# Before (When you are NOT using user-configuration and the key files)
In *.properties files
admin.url=t3://localhost:7001
admin.username=weblogic
admin.password=weblogic
In WLST script
adminUrl = configProps.get("admin.url")
adminUser = configProps.get("admin.username")
adminPassword = configProps.get("admin.password")
connect(adminUser,adminPassword,adminUrl)
# After (When using user-configuration and the key files)
In *.properties files
admin.url=t3://localhost:7001
admin.username=/home/rmody/JBoss_Data/Samples/WLS/secure/myuserconfigfile.secure
admin.password=/home/rmody/JBoss_Data/Samples/WLS/secure/myuserkeyfile.secure
In WLST script
adminUrl = configProps.get("admin.url")
adminUser = configProps.get("admin.username")
adminPassword = configProps.get("admin.password")
connect(userConfigFile=adminUser,userKeyFile=adminPassword,url=adminUrl)
Where:
userConfigFile = the path where the user-configuration file is kept.
userKeyFile = the path where the key file is kept.
url = the URL of the server you want to connect to.
This way you can use your user-configuration and key files instead of the clear-text credentials.
Regards,
Ravish Mody
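A pre-flight check for the properties layout shown under "After", as an added example that is not part of the original post: because the key file holds the secret that decrypts the user-configuration file, it confirms that both paths exist and are accessible only to their owner before a script hands them to connect(). It is standalone Python 3 meant to run before WLST is started; the function names and sample file names are assumptions.

```python
import os
import stat
import tempfile

def parse_properties(text):
    """Parse key=value lines as in the *.properties file; '#' starts a comment."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_secret_file(path):
    """Return the problems found with one storeUserConfig output file."""
    if not os.path.isfile(path):
        return ["%s: not an existing regular file" % path]
    problems = []
    st = os.stat(path)
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("%s: mode %o is open to group/other"
                        % (path, stat.S_IMODE(st.st_mode)))
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        problems.append("%s: not owned by the current user" % path)
    return problems

def preflight(props):
    """Check the 'After' layout, where both admin.* values are file paths."""
    missing = [k for k in ("admin.url", "admin.username", "admin.password")
               if k not in props]
    if missing:
        return ["missing property " + k for k in missing]
    return (check_secret_file(props["admin.username"])
            + check_secret_file(props["admin.password"]))

def demo():
    """Constructed sample: config file at mode 0600, key file at mode 0644."""
    d = tempfile.mkdtemp()
    cfg = os.path.join(d, "userconfig.secure")
    key = os.path.join(d, "userkey.secure")
    for path, mode in ((cfg, 0o600), (key, 0o644)):
        open(path, "w").close()
        os.chmod(path, mode)
    text = "admin.url=t3://localhost:7001\nadmin.username=%s\nadmin.password=%s\n"
    return preflight(parse_properties(text % (cfg, key)))

if __name__ == "__main__":
    print(demo())
```

An empty list from preflight() means both files passed; the constructed demo reports only the key file, because its mode of 0644 lets other accounts read it.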
May 8th, 2011 on 6:10 pm
Hi Ravish,
I had followed the steps mentioned above and I am getting a prompt to enter the username and password for every connect. Find the output below.
Initializing WebLogic Scripting Tool (WLST) …
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
Checking All Servers State Details
You will need to be connected to a running server to execute this command
Please enter your username [weblogic] :
Please help me with how I can avoid this prompt.
May 9th, 2011 on 11:33 am
Hi mpkbang,
It looks like you are not passing the userKey file and the Config file to connect() properly:
admin.url=t3://localhost:7001
admin.username=/home/rmody/JBoss_Data/Samples/WLS/secure/myuserconfigfile.secure
admin.password=/home/rmody/JBoss_Data/Samples/WLS/secure/myuserkeyfile.secure
connect(userConfigFile=adminUser,userKeyFile=adminPassword,url=adminUrl)
Keep Posting 🙂
Thanks
Jay SenSharma
May 10th, 2011 on 2:30 pm
Thanks, corrected my mistake.
Thanks,
Pavan