Why and when to perform this task
WebSphere Application Server contains several encoded passwords that are not encrypted. WebSphere Application Server provides the PropFilePasswordEncoder utility, which you can use to encode these passwords. However, the utility does not encode passwords that are contained within XML or XMI files. Instead, WebSphere Application Server automatically encodes the passwords in the following XML or XMI files.File name | Additional information |
---|---|
profile_root/config/cells/cell_name/security.xml |
The following fields contain encoded passwords:
|
war/WEB-INF/ibm_web_bnd.xml
|
Specifies the passwords for the default basic authentication for the resource-ref bindings within all the descriptors, except in the Java cryptography architecture |
ejb jar/META-INF/ibm_ejbjar_bnd.xml
|
Specifies the passwords for the default basic authentication for the resource-ref bindings within all the descriptors, except in the Java cryptography architecture |
client jar/META-INF/ibm-appclient_bnd.xml
|
Specifies the passwords for the default basic authentication for the resource-ref bindings within all the descriptors, except in the Java cryptography architecture |
ear/META-INF/ibm_application_bnd.xml
|
Specifies the passwords for the default basic authentication for the run as bindings within all the descriptors |
profile_root/config/cells/cell_name /nodes/node_name/servers/ server_name/server.xml |
The following fields contain
encoded passwords:
|
profile_root/config/cells/cell_name /nodes/node_name/servers/ server_name/resources.xml |
The following fields contain
encoded passwords:
|
profile_root/config/cells/cell_name/ws-security.xml |
|
ibm-webservices-bnd.xmi |
|
ibm-webservicesclient-bnd.xmi |
You can use the PropFilePasswordEncoder utility to encode the passwords that are located in the following files.
File name | Additional information |
---|---|
app_server_root /properties/sas.client.props |
Specifies the passwords for the following
files:
|
app_server_root /properties/soap.client.props |
Specifies passwords for:
|
app_server_root /properties/sas.tools.properties |
Specifies passwords for:
|
app_server_root /properties/sas.stdclient.properties |
Specifies passwords for:
|
app_server_root /properties/wsserver.key |
Steps for this task
If you are encoding the SAS properties files again, type: PropFilePasswordEncoder "file_name" -sas and the PropFilePasswordEncoder file encodes the known SAS properties.
If you are encoding files that are not SAS properties files, type PropFilePasswordEncoder "file_name" password_properties_list
where:
Use the PropFilePasswordEncoder utility to encode WebSphere Application Server password files only. The utility cannot encode passwords that are contained in XML files or other files that contain open and close tags.
Result
If you reopen the affected files, the passwords are encoded. WebSphere Application Server does not provide a utility for decoding the passwords.Related tasks
Securing passwords in files