Why and when to perform this task
WebSphere Application Server contains several plain text passwords. These passwords are not encrypted, but are encoded. WebSphere Application Server provides the PropFilePasswordEncoder utility, which you can use to encode these passwords. However, the utility does not encode passwords that are contained within XML or XMI files. Instead, WebSphere Application Server automatically encodes the passwords in the following XML or XMI files, as the files are modified by the administrative console.File name | Additional information |
---|---|
WAS_INSTALL_ROOT/profiles/profile_name/config/ cells/cell_name/security.xml |
The following fields contain encoded passwords:
|
war/WEB-INF/ibm_web_bnd.xml |
Specifies the passwords for the default basic authentication for the resource-ref bindings within all the descriptors, except in the Java cryptography architecture. |
ejb jar/META-INF/ibm_ejbjar_bnd.xml |
Specifies the passwords for the default basic authentication for the resource-ref bindings within all the descriptors, except in the Java cryptography architecture. |
client jar/META-INF/ibm-appclient_bnd.xml |
Specifies the passwords for the default basic authentication for the resource-ref bindings within all the descriptors, except in the Java cryptography architecture. |
ear/META-INF/ibm_application_bnd.xml |
Specifies the passwords for the default basic authentication for the run as bindings within all the descriptors. |
WAS_INSTALL_ROOT /profiles/profile_name/config/ cells/cell_name/nodes/node_name/servers/ server_name/server.xml |
The following fields contain
encoded passwords:
|
profile_root/config/cells/cell_name/nodes/ node_name/servers/server.xml |
The following fields contain encoded passwords:
|
WAS_INSTALL_ROOT/profiles/profile_name/config/ cells/cell_name/nodes/node_name/servers/ server_name/resources.xml |
The following fields contain
encoded passwords:
|
For WebSphere Application Server and WebSphere
Application Server Express:
|
|
ibm-webservices-bnd.xmi |
|
ibm-webservicesclient-bnd.xmi |
You can use the PropFilePasswordEncoder utility to encode the passwords that are found in the following files.
File name | Additional information |
---|---|
WAS_INSTALL_ROOT/profiles/profile_name /properties/sas.client.props |
Specifies the passwords for the following
files:
|
WAS_INSTALL_ROOT/profiles/profile_name /properties/soap.client.props |
Specifies passwords for:
|
profile_root/properties/soap.client.props |
Specifies passwords for:
|
WAS_INSTALL_ROOT/profiles/profile_name /properties/sas.tools.properties |
Specifies passwords for:
|
WAS_INSTALL_ROOT/profiles/profile_name /properties/sas.stdclient.properties |
Specifies passwords for:
|
WAS_INSTALL_ROOT/profiles/profile_name /properties/wsserver.key |
Steps for this task
If you are encoding the SAS properties files again, type: PropFilePasswordEncoder file_name -sas and the PropFilePasswordEncoder file encodes the known SAS properties.
If you are encoding files that are not SAS properties files, type PropFilePasswordEncoder file_name password_properties_list
where:
Use the PropFilePasswordEncoder utility to encode WebSphere Application Server password files only. The utility cannot encode passwords that are contained in XML files or other files that contain open and close tags.
Result
If you reopen the affected files, the passwords do not display in plain text. Instead, the passwords display encoded. WebSphere Application Server does not provide a utility for decoding the passwords.Related reference
Supported authentication protocols