Tuesday, May 14, 2013

Encrypting WebLogic passwords for WLST scripts

WLST scripts can be used to start, stop and restart managed WebLogic servers. These scripts need a connection to the local or remote node manager, and the password is usually included as plain text inside the script.

To eliminate this security risk, node manager passwords can be stored encrypted on the file system, as per the instructions at: http://docs.oracle.com/cd/E15523_01/web.1111/e13813/reference.htm .

The Python script that follows can be used to encrypt the node manager passwords. It must be saved in the %MW_HOME% directory and must be executed whenever the passwords change.

Important note: the first two arguments of the first nmConnect call below, 'weblogic' and 'welcome1', are the username and password of the WebLogic server. Before executing the script, change them to the actual values, and clear them after the execution.

Copy the code below and paste it into a new file, createUserConfig.py. Remember that you have to change the username and password as explained above.

r"""
This script stores the username AND password of the node manager in
encrypted files.
To run it, execute: %MW_HOME%\wlserver_10.3\server\bin\setWLSEnv.cmd
%JAVA_HOME%\bin\java weblogic.WLST
wls:/offline> execfile('D:\oracle\Middleware\createUserConfig.py')
"""
import os

# Encrypted credentials file and the key file needed to decrypt it
ucfile = os.environ['MW_HOME'] + '\\userconfigNM.secure'
uckey = os.environ['MW_HOME'] + '\\userconfigNM.key'

# Connect once with the plain-text credentials (change before running, clear afterwards)
nmConnect('weblogic', 'welcome1', 'localhost', '5556', 'ClassicDomain')
# nm='true' stores the node manager username and password of this connection
storeUserConfig(userConfigFile=ucfile, userKeyFile=uckey, nm='true')
nmDisconnect()

# Reconnect using only the encrypted files to confirm that they work
nmConnect(userConfigFile=ucfile, userKeyFile=uckey, domainName='ClassicDomain', port='5556')

print '################################################################'
print '****** REMEMBER TO CLEAR THE username and password from the first nmConnect call '
print '################################################################'
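
A check for the risk described above, added here as an example and not part of the original post: it scans WLST script text for nmConnect or connect calls that still carry a literal username and password (commented-out lines included) and separates them from calls that use the files written by storeUserConfig. It runs under ordinary Python 3 rather than inside WLST; the function name audit_wlst_script and the sample lines are constructed for illustration, and covering connect as well as nmConnect goes beyond the node manager case shown on the page.

```python
import re

# Quoted string literal, single or double quotes (escape sequences not handled).
STR = r"(?:'[^'\n]*'|\"[^\"\n]*\")"
# nmConnect/connect whose first two positional arguments are string literals.
LITERAL = re.compile(r"\b(nmConnect|connect)\s*\(\s*(%s)\s*,\s*(%s)" % (STR, STR))
# The same calls authenticating through the files written by storeUserConfig.
USERCONFIG = re.compile(r"\b(nmConnect|connect)\s*\([^\n]*\buserConfigFile\s*=")


def audit_wlst_script(text):
    """Return (line_number, call, status) for each connect call in the script.

    status: 'plaintext'  - a non-empty literal password is present
            'cleared'    - literal arguments are present but the password is empty
            'userconfig' - the call uses userConfigFile / userKeyFile
    Commented-out lines are scanned as well, because a password left in a
    comment is just as readable on disk as one in live code.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = LITERAL.search(line)
        if match:
            password = match.group(3)[1:-1]  # strip the surrounding quotes
            findings.append((lineno, match.group(1), "plaintext" if password else "cleared"))
            continue
        match = USERCONFIG.search(line)
        if match:
            findings.append((lineno, match.group(1), "userconfig"))
    return findings


# Constructed sample: the page's calls plus a commented-out and a cleared variant.
SAMPLE = "\n".join([
    "nmConnect('weblogic', 'welcome1', 'localhost','5556','ClassicDomain')",
    "storeUserConfig(userConfigFile=ucfile, userKeyFile=uckey,nm='true')",
    "nmConnect(userConfigFile=ucfile, userKeyFile=uckey, domainName='ClassicDomain', port='5556')",
    "# nmConnect('weblogic', 'welcome1', 'localhost','5556','ClassicDomain')",
    "nmConnect('', '', 'localhost','5556','ClassicDomain')",
])

if __name__ == "__main__":
    for lineno, call, status in audit_wlst_script(SAMPLE):
        print("line %d: %s -> %s" % (lineno, call, status))
```

Calls that pass credentials through variables are not reported, since the scan cannot tell where those values come from.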