Shanky ... Shankar Archive

Encrypting password in JBoss EAP

To encrypt password in Jboss using CLI, you can follow the steps below. This is particularly useful if you want to encrypt password for datasource.

 

1) export JBOSS_HOME=/pallavi/

2) export CLASSPATH=/pallavi/jboss-eap-6.2/modules/system/layers/base/org/picketbox/main/picketbox-4.0.19.SP2-redhat-1.jar:/pallavi/modules/system/layers/base/org/jboss/logging/main/jboss-logging-3.1.2.GA-redhat-1.jar:$CLASSPATH

3) java org.picketbox.datasource.security.SecureIdentityLoginModule sa

4) Make changes in your configuration file(eg: standalone.xml) under the security tag as below (search for security:1.2 tag):-

<security-domain name="encrypted-h2ds" cache-type="default">
<authentication>
<login-module code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required">
<module-option name="username" value="sa"/>
<module-option name="password" value="9fdd42c2a7390d3"/>
<module-option name="managedConnectionFactoryName" value="jboss.jca:service=LocalTxCM,name=MySqlDS_Pool"/>
</login-module>
</authentication>
</security-domain>

5) Now, remove the user name and password from datasource subsystem and add the below tag:-

<security-domain>h2ds</security-domain>

6) Now, restart the jboss instance as below and test the connectivity as below:-

[root@localhost ~]# /pallavai/bin/jboss-cli.sh
[disconnected /] connect 10.21.12.235:9999
[standalone@10.21.12.235:9999 /] /subsystem=datasources/data-source=ExampleDS:test-connection-in-pool()
{
"outcome" => "success",
"result" => [true]
}

Reset WebSphere admin console password

As a WebSphere admin one of the commonly seen issue is how to reset the WebSphere admin console password.

Well below are the steps to reset our WebSphere Admin Console Password

1) Using Admin Console:

To reset the password using the admin console

a) Go to DMGR profile config cells directory.

b) Edit the file(After taking backup) — security.xml and change the enabled value to false(refer to the below attachments)

1

 

c) Now, log in to the admin console, go to Security tab>Global Security>select Enable Administrative Security>Click on Security   Configuration Wizard>

2
Then click on Next. And Select the user repository as Federated repositories.
After entering the user name and password logout from admin console. Since, the changes are related to configuration restart the dmgr server instance to reflect the changes

2. Using wsadmin utility:

To reset the password using wsadmin tool:-

a) Go to WAS-Home>bin>./wsadmin.sh –lang jython –username wasadm –password wasadm123

b) Execute the below commands.

3

c) Reset the password using steps described above in section:1.c)

 

This will reset your wasadmin password.

Please feel free to get in touch with us if you have any queries.

Cheers,

Wonders Team

Working on Weblogic Server 8.1 License related issues

In weblogic 8.1 by default we have the following different types of license:

1) Development: Used in a development environment where a developer is preparing an application to run on top of WebLogic Platform. Enables us to run Weblogic Platform on a single machine, including machines running multiple instances of WebLogic Server. Permits client connections from a maximum of five IP addresses. IP addresses are tracked from the time the server is started. When we restart the server, the count is reset. Installed with Weblogic Platform in the BEA Home directory as license.bea. Is not tied to the IP address of a machine.

2) Scale Limited: Used in limited-scale production environments. Enables all WebLogic Platform component products. Enables us to run a single WebLogic Server instance with a server capacity limited to approximately 3 percent of the full capacity of a production server with a production license. Restricts server capacity by limiting concurrent socket connections to a maximum of three connections. Requests for a fourth socket connection are blocked until a socket becomes free. Permits client connections from an unlimited number of IP addresses. Installed, with WebLogic Platform 8.1 SP3 and higher, in the BEA Home directory as license_scale_limited.bea. It’s not tied to the IP address of a machine.

3) Production: Used in full-scale production environments. May restrict functionality to the software components that we have purchased. Enables us to run WebLogic Platform on a single machine, including machines running multiple instances of WebLogic Server. Permits client connections from an unlimited number of IP addresses. Must be purchased separately. It’s tied to the IP address of the machine. A production license can be used only on a machine with the same IP address that is specified in the license file

4) Workgroup: Restricts software functionality to that provided in WebLogic Server Workgroup Edition. Permits client connections from an unlimited number of IP addresses, but is limited to 20 concurrent users. Enforces user limitation by restricting the number of concurrent HTTP sessions with associated data to 20 sessions. Must be purchased separately. Is tied to the IP address of the machine.

By default the license.bea file is available in BEA_HOME directory

Steps for updating license file: We can update the license file using UpdateLicense.sh If we are transferring from an evaluation license to production license please refer to the following.:-
1. Locate the current (evaluation) license.bea (located in BEA home directory) and take a backup of this file
2. Rename the new (production) license file to license.bea and move this file to the exact location of the old license file (evaluation) in the BEA home directory and run ./UpdateLicense.sh license.bea(new file)

Troubleshooting License Issues

Issue:1) License not found/Missing error — Unable to start WebLogic Serve: Missing license file for WebLogic Platform

Cause:
1) License file not found in the BEA home directory
2) Incorrect version of the license is used.
3) BEA Home directory is copied from one drive in the hard disk to another drive in the hard disk.

Solution:
1) Ensure license file is located in the BEA home directory
2) Check the version of Weblogic in the license file.
3) Ensure that –Dbea.home command line parameter exists in the Weblogic startup script. Edit the startWeblogic.cmd (startWebLogic.sh in Unix systems) and include the –Dbea.home argument.

Issue:2) Incorrect IP address error: Unable to start WebLogic Server!!
WebLogic: license error, Invalid host IP

Cause: If our machine has multiple IP addresses, we need that WebLogic internally is only looking at the primary IP address.

To Troubleshoot please following the following steps:
1.Run setEnv script to set your environment. This can be done in your domain directory.
2. Please check the output of the BEA utility named utils.myip on your host machine. What IP address is returned?

Syntax : $ java utils.myip
This utility returns the IP address that WebLogic is internally looking for in the license.bea file. Compare the IP address returned from this utility to the license file IP address. If the output is different from the IP address mentioned in the license file, then the exception shown above will be shown

If the IP address returned by the myip utility is different from the WebLogic license’ IP
1. Contact system administrator to make the necessary changes in the IP of the system. To change the IP address you can use the hostname command, or if our system uses an /etc/hosts file, place the IP number matching the license file at the top of the file.
2. Transfer the IP address in your license file to the IP address returned by utils.myip
3. Customer may be using Virtual IP Addresses. The IP Address of the License may be mapped to a Virtual IP Address of the physical hardware. The License check requires the license to be bound to the physical address of the machine and not the virtual address. The customer needs to ensure that the license is bound only to the Physical IP address of the machine and not the virtual address. Weblogic Server will however be able to listen to the Virtual IP address by specifying that in the listenAddress of the Server section through the console. We may leave the listenAddress as blank and the server will be able to listen to the all the IP addresses it is configured on.

Issue-3) Unable to start WebLogic Server!!
Invalid software license file: \opt\weblogic\license.bea

Cause: License file found in the BEA home directory might be incorrectly formatted

Solution:
1) Ask the customer to replace the existing license with the original license file that is received from the License team or Sales team.
2) You will need to obtain a new license file from BEA License Management