Encrypting password in JBoss EAP

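To encrypt a password in JBoss from the command line, follow the steps below. This is particularly useful for encrypting a datasource password. SecureIdentityLoginModule encodes the password with a key that is fixed in the PicketBox code, so this keeps the cleartext out of the configuration file but does not replace restricting read access to that file.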

1) export JBOSS_HOME=/pallavi/

2) export CLASSPATH=/pallavi/jboss-eap-6.2/modules/system/layers/base/org/picketbox/main/picketbox-4.0.19.SP2-redhat-1.jar:/pallavi/modules/system/layers/base/org/jboss/logging/main/jboss-logging-3.1.2.GA-redhat-1.jar:$CLASSPATH

3) java org.picketbox.datasource.security.SecureIdentityLoginModule sa

4) Edit your configuration file (e.g. standalone.xml) and add the following under the security subsystem (search for the security:1.2 tag), using the encoded password printed in step 3 as the value of the password option:

<security-domain name="encrypted-h2ds" cache-type="default">
    <authentication>
        <login-module code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required">
            <module-option name="username" value="sa"/>
            <module-option name="password" value="9fdd42c2a7390d3"/>
            <module-option name="managedConnectionFactoryName" value="jboss.jca:service=LocalTxCM,name=MySqlDS_Pool"/>
        </login-module>
    </authentication>
</security-domain>

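5) Now remove the user name and password from the datasource subsystem and add the tag below inside the datasource's security element. Its value must match the security-domain name defined in step 4:

<security-domain>encrypted-h2ds</security-domain>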

6) Now restart the JBoss instance and test the connectivity as below:

[root@localhost ~]# /pallavai/bin/jboss-cli.sh
[disconnected /] connect 10.21.12.235:9999
[standalone@10.21.12.235:9999 /] /subsystem=datasources/data-source=ExampleDS:test-connection-in-pool()
{
"outcome" => "success",
"result" => [true]
}

How to configure SSL on Nodemanager for 12c

In WebLogic Server 12.1.2, the Java version of Node Manager controls all WLS instances belonging to the same domain. This makes it feasible to have different Node Manager configurations for different domains.

You can follow the steps below to use one Node Manager per domain running over SSL (custom identity and custom trust).

1) Start Node Manager from the following location (just to create a default nodemanager.properties file).

D:\Oracle\Middleware\wlserver_12.1\server\bin\startNodeManager.cmd

Stop the nodemanager.

2) Copy the nodemanager folder from this location to your domain folder.

D:\Oracle\Middleware\wlserver_12.1\common\nodemanager

3) Copy startNodeManager.cmd present at the below location to your domain home folder

D:\Oracle\Middleware\wlserver_12.1\server\bin\startNodeManager.cmd

4) Open the script and update the NodeManager home location in the script

set NODEMGR_HOME=D:/Oracle/Middleware/user_projects/domains/base_domain/nodemanager

5) Create the identity store for the Node Manager in the nodemanager folder.

keytool -genkey -alias mykey -keyalg RSA -keysize 1024 -dname "CN=www.welogic-wonders.com, OU=Customer Support, O=BEA Systems Inc, L=Denver, ST=Colorado, C=US" -keypass mykeypass -keystore identity.jks -storepass mystorepass
keytool -selfcert -v -alias mykey -keypass mykeypass -keystore identity.jks -storepass mystorepass -storetype jks

You can create it anywhere but then you will have to give the complete path in nodemanager.properties file.

6) Add the following to the nodemanager.properties file. The alias and pass phrases must match the values given to keytool in step 5:

KeyStores=CustomIdentityAndCustomTrust
CustomIdentityAlias=mykey
CustomIdentityKeyStoreFileName=identity.jks
CustomIdentityKeyStorePassPhrase=mystorepass
CustomIdentityKeyStoreType=JKS
CustomIdentityPrivateKeyPassPhrase=mykeypass

7) Start your Node Manager from the domain folder at any available port you want.

D:\Oracle\Middleware\user_projects\domains\base_domain>startNodeManager.cmd localhost 6666

D:\Oracle\Middleware\user_projects\domains\base_domain>set CLASSPATH=.;D:\Oracle
\Middleware\patch_wls1211\profiles\default\sys_manifest_classpath\weblogic_patch
.jar;D:\Oracle\Middleware\jrockit_160_29_D1.2.0-10\lib\tools.jar;D:\Oracle\Middl
eware\wlserver_12.1\server\lib\weblogic_sp.jar;D:\Oracle\Middleware\wlserver_12.
1\server\lib\weblogic.jar;D:\Oracle\Middleware\modules\features\weblogic.server.
modules_12.1.1.0.jar;D:\Oracle\Middleware\wlserver_12.1\server\lib\webservices.j
ar;D:\Oracle\Middleware\modules\org.apache.ant_1.7.1/lib/ant-all.jar;D:\Oracle\M
iddleware\modules\net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar;
D:\Oracle\Middleware\user_projects\domains\base_domain>if not "" == "" set CLASS
PATH=;.;D:\Oracle\Middleware\patch_wls1211\profiles\default\sys_manifest_classpa
th\weblogic_patch.jar;D:\Oracle\Middleware\jrockit_160_29_D1.2.0-10\lib\tools.ja
r;D:\Oracle\Middleware\wlserver_12.1\server\lib\weblogic_sp.jar;D:\Oracle\Middle
ware\wlserver_12.1\server\lib\weblogic.jar;D:\Oracle\Middleware\modules\features
\weblogic.server.modules_12.1.1.0.jar;D:\Oracle\Middleware\wlserver_12.1\server\
lib\webservices.jar;D:\Oracle\Middleware\modules\org.apache.ant_1.7.1/lib/ant-al
l.jar;D:\Oracle\Middleware\modules\net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contr
ib.jar;
D:\Oracle\Middleware\user_projects\domains\base_domain>if not "" == "" set CLASS
PATH=.;D:\Oracle\Middleware\patch_wls1211\profiles\default\sys_manifest_classpat
h\weblogic_patch.jar;D:\Oracle\Middleware\jrockit_160_29_D1.2.0-10\lib\tools.jar
;D:\Oracle\Middleware\wlserver_12.1\server\lib\weblogic_sp.jar;D:\Oracle\Middlew
are\wlserver_12.1\server\lib\weblogic.jar;D:\Oracle\Middleware\modules\features\
weblogic.server.modules_12.1.1.0.jar;D:\Oracle\Middleware\wlserver_12.1\server\l
ib\webservices.jar;D:\Oracle\Middleware\modules\org.apache.ant_1.7.1/lib/ant-all
.jar;D:\Oracle\Middleware\modules\net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contri
b.jar;;
D:\Oracle\Middleware\user_projects\domains\base_domain>cd D:\Oracle\Middleware\u
ser_projects\domains\base_domain\nodemanager
D:\Oracle\Middleware\user_projects\domains\base_domain\nodemanager>if not "6666"
== "" if not "localhost" == "" goto runNMWithListenAddressAndPort
D:\Oracle\Middleware\user_projects\domains\base_domain\nodemanager>"D:\Oracle\Mi
ddleware\jrockit_160_29_D1.2.0-10\bin\java.exe" -jrockit -Xms128m -Xmx256m -Dbea
.home=D:\Oracle\Middleware -Xverify:none -Djava.endorsed.dirs=D:\Oracle\Middlew
are\jrockit_160_29_D1.2.0-10/jre/lib/endorsed;D:\Oracle\Middleware\wlserver_12.1
/endorsed "-Djava.security.policy=D:\Oracle\Middleware\wlserver_12.1\server\lib\
weblogic.policy" "-Dweblogic.nodemanager.javaHome=D:\Oracle\Middleware\jrockit_1
60_29_D1.2.0-10" -DListenAddress="localhost" -DListenPort="6666" weblogic.NodeMa
nager -v
Apr 23, 2015 8:30:50 PM weblogic.nodemanager.server.NMServerConfig initDomainsMa
p
INFO: Loading domains file: D:\Oracle\Middleware\wlserver_12.1\common\nodemanage
r\nodemanager.domains
Apr 23, 2015 8:30:50 PM weblogic.nodemanager.server.SSLConfig loadKeyStoreConfig
INFO: Loading identity key store: FileName=D:\Oracle\Middleware\user_projects\do
mains\base_domain\nodemanager\identity.jks, Type=JKS, PassPhraseUsed=true
Apr 23, 2015 8:30:50 PM weblogic.nodemanager.server.NMServer
INFO: Loaded node manager configuration properties from 'D:\Oracle\Middleware\us
er_projects\domains\base_domain\nodemanager\nodemanager.properties'
Node manager v10.3
Configuration settings:
NodeManagerHome=D:\Oracle\Middleware\wlserver_12.1\common\nodemanager
ListenAddress=localhost
ListenPort=6666
ListenBacklog=50
SecureListener=true
AuthenticationEnabled=true
NativeVersionEnabled=true
CrashRecoveryEnabled=false
JavaHome=D:\Oracle\Middleware\jrockit_160_29_D1.2.0-10\jre
StartScriptEnabled=true
StopScriptEnabled=false
StartScriptName=startWebLogic.cmd
StopScriptName=
LogFile=D:\Oracle\Middleware\wlserver_12.1\common\nodemanager\nodemanager.log
LogLevel=INFO
LogLimit=0
LogCount=1
LogAppend=true
LogToStderr=true
LogFormatter=weblogic.nodemanager.server.LogFormatter
DomainsFile=D:\Oracle\Middleware\wlserver_12.1\common\nodemanager\nodemanager.do
mains
DomainsFileEnabled=true
StateCheckInterval=500
UseMACBroadcast=false
DomainRegistrationEnabled=false
DomainsDirRemoteSharingEnabled=false
Domain name mappings:
wl_server -> D:\Oracle\Middleware\wlserver_12.1\samples\domains\wl_server
base_domain -> D:\Oracle\Middleware\user_projects\domains\base_domain
medrec -> D:\Oracle\Middleware\wlserver_12.1\samples\domains\medrec
Apr 23, 2015 8:30:51 PM weblogic.nodemanager.server.SSLListener run
INFO: Secure socket listener started on port 6666, host localhost/127.0.0.1
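
An added example (not from the original post or from Oracle): a small linter for the nodemanager.properties entries in step 6. It assumes Node Manager reads the file with standard Java properties rules, where a backslash is an escape character, so a full Windows keystore path needs forward slashes or doubled backslashes. The sample files and the lint and parse_properties names are constructed for this example.

```python
import re

# Keys that step 6 adds to nodemanager.properties.
REQUIRED = ("KeyStores", "CustomIdentityAlias", "CustomIdentityKeyStoreFileName",
            "CustomIdentityKeyStorePassPhrase", "CustomIdentityKeyStoreType",
            "CustomIdentityPrivateKeyPassPhrase")

# Constructed sample files; pass phrases are placeholders.
BAD = r"""KeyStores=CustomIdentityAndCustomTrust
CustomIdentityAlias=nmkey
CustomIdentityKeyStoreFileName=D:\Oracle\keystores\identity.jks
CustomIdentityKeyStoreType=JKS
CustomIdentityPrivateKeyPassPhrase=PLACEHOLDER
"""
GOOD = """KeyStores=CustomIdentityAndCustomTrust
CustomIdentityAlias=mykey
CustomIdentityKeyStoreFileName=D:/Oracle/keystores/identity.jks
CustomIdentityKeyStorePassPhrase=PLACEHOLDER
CustomIdentityKeyStoreType=JKS
CustomIdentityPrivateKeyPassPhrase=PLACEHOLDER
"""

def parse_properties(text):
    """Minimal key=value reader; values are kept raw, escapes not decoded."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def lint(text, keytool_alias="mykey"):
    """Return a list of problems; keytool_alias is the -alias used in step 5."""
    props = parse_properties(text)
    problems = ["missing " + k for k in REQUIRED if k not in props]
    if props.get("KeyStores") not in (None, "CustomIdentityAndCustomTrust"):
        problems.append("KeyStores is not CustomIdentityAndCustomTrust")
    if props.get("CustomIdentityAlias") not in (None, keytool_alias):
        problems.append("CustomIdentityAlias does not match the keytool alias")
    path = props.get("CustomIdentityKeyStoreFileName", "")
    # Drop valid escape pairs (\\ \: \= ...); any backslash left is a lone one,
    # which Java silently discards, turning D:\Oracle into D:Oracle.
    if "\\" in re.sub(r"\\[\\:=#! ]", "", path):
        problems.append("unescaped backslash in CustomIdentityKeyStoreFileName")
    return problems

if __name__ == "__main__":
    print(lint(BAD))
    print(lint(GOOD))
```
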