Implementing custom password encryption
WebSphere® Application Server supports the use of custom password encryption.
Before you begin
About this task
Procedure
- Build your custom password encryption class. An
example of a custom password encryption class follows.
// CustomPasswordEncryption // Encryption and decryption functions public interface CustomPasswordEncryption { public EncryptedInfo encrypt(byte[] clearText) throws PasswordEncryptException; public byte[] decrypt(EncryptedInfo cipherTextInfo) throws PasswordEncryptException; public void initialize(HashMap initParameters); }; // Encapsulation of cipher text and label public class EncryptedInfo { public EncryptedInfo(byte[] bytes, String keyAlias); public byte[] getEncryptedBytes(); public String getKeyAlias(); };
- If you need to custom encode passwords
in property files, manually edit the PropFilePasswordEncoder.sh or
PropFilePasswordEncoder.bat file.
- Use a file editor to open the PropFilePasswordEncoder.sh or PropFilePasswordEncoder.bat file.
- Locate the following lines near the end of the file:
"%JAVA_HOME%/bin/java" -Dcmd.properties.file=%TMPJAVAPROPFILE% "-Dwas.install.root=%WAS_HOME%" com.ibm.ws.bootstrap.WSLauncher com.ibm.ws.security.util.PropFilePasswordEncoder %1 %2
- Add following lines to the call.
These custom properties will be passed to the command so that PropFilePasswordEncoder will look for custom encoding classes and utilize it.
-Dcom.ibm.wsspi.security.crypto.customPasswordEncryptionEnabled=true -Dcom.ibm.wsspi.security.crypto.customPasswordEncryptionClass=(customEncoding class file)
The updated lines should look like the following lines:
"%JAVA_HOME%/bin/java" -Dcmd.properties.file=%TMPJAVAPROPFILE% -Dcom.ibm.wsspi.security.crypto.customPasswordEncryptionEnabled=true -Dcom.ibm.wsspi.security.crypto.customPasswordEncryptionClass=(customEncoding class file) "-Dwas.install.root=%WAS_HOME%" com.ibm.ws.bootstrap.WSLauncher com.ibm.ws.security.util.PropFilePasswordEncoder %1 %2
- Enable custom password encryption.
- Set the custom property com.ibm.wsspi.security.crypto.customPasswordEncryptionClass to the name of the class that is to be given control.
- Enable the function. Set the custom property, com.ibm.wsspi.security.crypto.customPasswordEncryptionEnabled to true.
Results


File name: tsec_pwencrypt.html