./stopServer.sh server1 -username wasadmin -password wasadmin
For WebSphere Application Server running under a UNIX-based operating system (OS), the previously mentioned command (the UNIX equivalent) carries a serious security problem. Anybody who uses the command ps -ef while the stopServer process is running is able to see the user ID and the password.
To solve this problem, follow these steps:
- First, open the /WebSphere/AppServer/profiles/AppSrv01/properties/soap.client.props file in a text editor and change the values of the following three properties:
com.ibm.SOAP.securityEnabled=true
com.ibm.SOAP.loginUserid=wasadmin
com.ibm.SOAP.loginPassword=wasadmin
The value of com.ibm.SOAP.loginUserid should be the name of the wasadmin user, and the value of com.ibm.SOAP.loginPassword should be the password for wasadmin.
Because you are storing the password in plain text in the .properties file, anyone who can read the file can read the password. To deal with that issue, run the PropFilePasswordEncoder.sh command with the fully qualified file name and the name of the property that holds the password:
./PropFilePasswordEncoder.sh /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/properties/soap.client.props com.ibm.SOAP.loginPassword
After running this command, if you open the soap.client.props file in a text editor, you will notice that the value of the password is encoded:
com.ibm.SOAP.securityEnabled=true
#------------------------------------------------------------------------------
# - authenticationTarget ( BasicAuth[default], KRB5. These are the only supported selection
# on a pure client for JMX SOAP Connector Client. )
#------------------------------------------------------------------------------
com.ibm.SOAP.authenticationTarget=BasicAuth
com.ibm.SOAP.loginUserid=wasadmin
com.ibm.SOAP.loginPassword={xor}KD4sPjsyNjE=
- Restart the server. After that you won't have to use the password on the command line to stop the server.
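An added example, not part of the original post or of IBM's tooling: a Python audit of a soap.client.props-style file that flags a plain-text or {xor}-encoded password and a file mode that lets group or other users access the file. It assumes that {xor} means each byte XORed with '_' and then Base64-encoded, which reproduces the value shown above; the function names and the sample files are constructed for illustration.

```python
import base64
import os
import stat
import tempfile

PASSWORD_KEY = "com.ibm.SOAP.loginPassword"

def was_xor_encode(plaintext):
    """Assumed {xor} scheme: XOR every byte with '_' (0x5F), then Base64. No key."""
    masked = bytes(b ^ 0x5F for b in plaintext.encode("utf-8"))
    return "{xor}" + base64.b64encode(masked).decode("ascii")

def audit_props(path):
    """Return a list of findings for one soap.client.props-style file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file mode %04o lets group/other access it" % mode)
    with open(path, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.strip()
            if line.startswith("#") or "=" not in line:
                continue
            key, value = (part.strip() for part in line.split("=", 1))
            if key != PASSWORD_KEY or not value:
                continue
            if value.startswith("{xor}"):
                findings.append("password is {xor}-encoded (obfuscation, not encryption)")
            else:
                findings.append("password is stored in plain text")
    return findings

def run_demo():
    samples = {  # constructed sample input: name -> (password value, file mode)
        "plain_0644": ("wasadmin", 0o644),
        "xor_0644": (was_xor_encode("wasadmin"), 0o644),
        "xor_0600": (was_xor_encode("wasadmin"), 0o600),
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (value, mode) in samples.items():
            path = os.path.join(tmp, name + ".props")
            with open(path, "w", encoding="utf-8") as fh:
                fh.write("com.ibm.SOAP.loginUserid=wasadmin\n%s=%s\n" % (PASSWORD_KEY, value))
            os.chmod(path, mode)
            results[name] = audit_props(path)
    return results

if __name__ == "__main__":
    print(run_demo())
```

Because the encoding involves no key, the control that actually protects the password is the file's ownership and mode, so only the owner-only sample comes back without a permission finding.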
Dear Patil,
Should we specify the username even if we specify the username in the property file?
If you go to this page,
http://www.sysman.nl/wasdecoder/
You can easily decode the password.
So isn't so secure..
Thanks a lot...it worked!!
Hi sunil/team
./PropFilePasswordEncoder.sh /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/properties/soap.client.props com.ibm.SOAP.loginPassword
in above command should we
run it as above is it didn't understand the last password
thanks
SAM
Gonniac,
I would hope that file system access restricts access to the properties file so no one could get the encoded version to decode.
Any good admin would ensure this.
Any way to stop WAS + WPS without passing userId and password to stopserver.
Also need to keep admin security enabled and cannot TYPE user-id password in soap.client.props
Thank you.
Thanks for info