Overview
While connecting to Weblogic Scripting Tool (WLST) or while running any WLST scripts, we might have used the clear text username and password which could lead us to any potential security threat.
In order to avoid it, Oracle recommends us to use the UserConfigFile and UserKeyFile where ever applicable.
Best example where you can use this keyfile and configfile is while using connect() method to go WLST online
Therefore, Rather using the connect with clear text password like below
connect("username","password","t3://localhost:7001")
you can use
connect("userConfigFile='/home/aksarav/myuserconfigfile.secure', userKeyFile='/home/aksarav/myuserkeyfile.secure','t3://localhost:7001')
to connect to WLST and in scripts also you can use this connect method, in order to securely connect to AdminServer
How to Create these files in an Easy way
So how to create these files?. There is a built-in method in weblogic named storeUserConfig() you can run in WLST interactive mode (or) scripting mode, in order achieve the same.
[weblogic@mwiapp01 bin]$ . ./setDomainEnv.sh [weblogic@mwiapp01 mwidomain]$ java weblogic.WLST Initializing WebLogic Scripting Tool (WLST) ... Welcome to WebLogic Server Administration Scripting Shell Type help() for help on available commands wls:/offline> connect() Please enter your username :weblogic Please enter your password : Please enter your server URL [t3://localhost:7001] :t3://localhost:18001 Connecting to t3://localhost:18001 with userid weblogic ... Successfully connected to Admin Server "AdminServer" that belongs to domain "mwidomain". Warning: An insecure protocol was used to connect to the server. To ensure on-the-wire security, the SSL port or Admin port should be used instead. wls:/mwidomain/serverConfig/> storeUserConfig() Creating the key file can reduce the security of your system if it is not kept in a secured location after it is created. Creating new key... The username and password that were used for this WebLogic Server connection are stored in /home/weblogic/weblogic-WebLogicConfig.properties and /home/weblogic/weblogic-WebLogicKey.properties. wls:/mwidomain/serverConfig/>
As you could see in the preceding command snippet, you could just get the user config and user key file created into your home directory by just invoking the storeUserConfig() method
You can mention the path and the file name of the user config and user key files, Like shown below
wls:/mwidomain/serverConfig/> storeUserConfig('/tmp/myuserconfigfile.secure', '/tmp/myuserkeyfile.secure') Creating the key file can reduce the security of your system if it is not kept in a secured location after it is created. Creating new key... The username and password that were used for this WebLogic Server connection are stored in /tmp/myuserconfigfile.secure and /tmp/myuserkeyfile.secure.
The Customized WLST Script Way
I have written some script to make your job ease and getting this job done.
There are two flavours of the script, I have written.
- The First one is using
getoptswhere you have to give the details as startup arguments. ( If you are using this script. There are chances, people can get access to your password from the bash history. If you feel that's not a problem you can use this) - The Second one is using the
properties file,where the script will obtain the username, password and other information from the properties file.
The Default Flag
The script is using a terminology called, Default flag if the default mode/flag is ON . the userConfigFile and userKeyFile will be saved in the default location, which is the home directory of the current user
you can set the default flag to ON using --default startup argument for the first script
and
you can set the default flag to ON by mentioning defaultflag=ON in the store.properties file
I have given both versions of the scripts below and you can choose any, as per your requirement.
The First one has a good help/usage information, you can get it by passing "help" as a startup argument like shown below.
java weblogic.WLST storeuserconfig.py help
The First One ( Using Startup arguments)
The Output[s]
Without Default flag
With Default Flag
The Second One ( Using Properties file)
The Output
With Default Flag ON
With Default Flag OFF
The Properties File ( For the Second One)
Note*: You must place the properties file in the same directory where you save second python script and the properties file name must be store.properties
Hope this helps.
If you are a Beginner to WLST and weblogic, this scripts could help you learn some new things. There are other articles like this in our site you can refer to.
Weblogic Domain Creation using WLST : http://www.mwinventory.in/blog/weblogic-domain-creation-script-wlst/
Weblogic Server Status using WLST : http://www.mwinventory.in/blog/weblogic-server-status-script-wlst/
There are more such articles here and more scripts still under development and will be published soon. Stay connected
Cheers,
A K S A R A V
Write to us at : [email protected]
Follow us on Facebook
To Join our Community in Whatsapp – Click here
