Encrypt/Decrypt Weblogic Server Password..

Encrypt WLS Password - 

1. Change directory to your domain's bin folder (For Eg. cd c:\bea\user_projects\domains\mydomain\bin)
2. Execute the setDomainEnv script (For Eg. setDomainEnv.cmd)
3. Execute java weblogic.security.Encrypt which will prompt for the password and will print the encrypted value in stdout.

The following are some sample output from running the utility

-bash-4.1$ java weblogic.security.Encrypt
Password: *****
{AES}x2TMt6AIrZlpkfiqdV1l2vubITipFV60rAexEz+rCco=

C:\bea\user_projects\domains\mydomain>java weblogic.security.Encrypt testpwd
{3DES}9HWsf87pJTw=

You can also use WLST to encrypt clear text strings as below:

C:\bea\user_projects\domains\mydomain>java weblogic.WLST

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

wls:/offline> es = encrypt('wbstg2014')
wls:/offline> print es
{3DES}9HWsf87pJTw=
wls:/offline>

Sooner or later while we deal with Weblogic. We may face the situation where you do not remember or recollect the weblogic Admin/Server passwords.

Lets us see how to decrypt the password -

Step 1 -  Navigate to domain/bin

Ex - cd /opt/middleware/oracle/oracle_WL_Home/user_projects/domains/comcast_domain/bin

Run   . ./setDomainEnv.sh


Step2:       Copy the following into a file and save it as decrypt.py (click here to download the file)

import os
import weblogic.security.internal.SerializedSystemIni
import weblogic.security.internal.encryption.ClearOrEncryptedService

def decrypt(domainHomeName, encryptedPwd):
    domainHomeAbsolutePath = os.path.abspath(domainHomeName)
    encryptionService = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domainHomeAbsolutePath)
    ces = weblogic.security.internal.encryption.ClearOrEncryptedService(encryptionService)
    clear = ces.decrypt(encryptedPwd)
    print "Decrypted Password:" + clear

try:
    if len(sys.argv) == 3:
        decrypt(sys.argv[1], sys.argv[2])
    else:
        print "INVALID ARGUMENTS"
        print " Usage: java weblogic.WLST decryptPassword.py <DOMAIN_HOME> <ENCRYPTED_PASSWORD>"
        print " Example:"
        print "    java weblogic.WLST decryptPassword.py D:/Oracle/Middleware/user_projects/domains/base_domain {AES}819R5h3JUS9fAcPmF58p9Wb3syTJxFl0t8NInD/ykkE="
except:
    print "Unexpected error: ", sys.exc_info()[0]
    dumpStack()
    raise


Step3 -

copy this file into $domain/security Dir as script needs to access serializedSystemIni and other ldif files in this directory.

Step 4 -

Step4:
     Execute the following command

Syntax:
    java  weblogic.WLST  decrypt.py  . encrypted_password_from_boot.properties

Example:
    java  weblogic.WLST  decrypt.py  . {3DES}H6HVU9HWbD8AD2BHQajnEA==

Note - You need to input the correct encrypted password ( read it from boot.properties) else you will see below issues..

Unexpected error:  weblogic.security.internal.encryption.EncryptionServiceException

Problem invoking WLST - Traceback (innermost last):
  File "/opt/middleware/scripts/decrypt.py", line 14, in ?
  File "/opt/middleware/scripts/decrypt.py", line 9, in decrypt
    at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptBytes(JSafeEncryptionServiceImpl.java:141)
    at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptString(JSafeEncryptionServiceImpl.java:189)
    at weblogic.security.internal.encryption.ClearOrEncryptedService.decrypt(ClearOrEncryptedService.java:99)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)

weblogic.security.internal.encryption.EncryptionServiceException: weblogic.security.internal.encryption.EncryptionServiceException: com.rsa.jsafe.JSAFE_PaddingException: Invalid padding.

Method 2 : 

Below steps can be followed to Decrypt the Passwords in Weblogic.

source $DOMAIN_HOME/bin/setDomainEnv.sh

cd $DOMAIN_HOME/security 

Please create a file called plainpassword.py with the below contents and save the file.

from weblogic.security.internal import *  
from weblogic.security.internal.encryption import *

encryptionService = SerializedSystemIni.getEncryptionService(".")  
clearOrEncryptService = ClearOrEncryptedService(encryptionService)

passwd = raw_input("Enter encrypted password of one which you wanted to decrypt : ")

plainpwd = passwd.replace("\\", "")

print "Plain Text password is: " + clearOrEncryptService.decrypt(plainpwd) 

 Run the below command to decrypting the password. Enter the encrypted password when prompted.

java weblogic.WLST plainpassword.py  
Initializing WebLogic Scripting Tool (WLST) ...  
Welcome to WebLogic Server Administration Scripting Shell  
Type help() for help on available commands  
Enter encrypted password of one which you wanted to decrypt : {AES}LsGaddassssvQDyibmejXFkf1tWxyndNArAhZ3M5GcnjXWUpJs=  
Plain Text password is: Welcome1234 

Using this way we can decrypt the encrypted password from boot.propertis
 and db schema passwords stored data source xml files on 
$DOMAIN_HOME/config/jdbc and also we can decrypt the NM password which 
is on config.xml.

Thanks,

Srikanth Govada

Step1:
    Open a command prompt and navigate to the domain bin

user_projects/DOMAIN_HOME/bin - See more at: http://middleware7.blogspot.com/2012/09/how-to-decrypt-weblogic-password.html#sthash.QWAGMaTn.dpuf

Steps to create a new domain on Weblogic Server 12.1.2.0.0...

 Note -


Prior to running the Configuration Wizard to create a domain on a UNIX or Linux operating system, if you have not already done so, set the CONFIG_JVM_ARGS environment variable as follows:
-Djava.security.egd=file:/dev/./urandom
This decreases the amount of time it takes for the Configuration Wizard to create or update a domain
Quick Start Configuration Wizard can be used only to configure the various sample domains, such as MedRec and the Examples Server, in your WebLogic Server installation.The Quick Start Configuration Wizard supports only the Derby (JavaDB) database driver. If you are using another database, you cannot use the Quick Start Configuration Wizard to create your domain. 
- You can start Quick Start Configuration Wizard in two ways :
1. Select the Automatically Launch Quick Start Configuration Wizard option on the Installation Complete screen of the WebLogic Server installer.
2. Run the config.cmd / config.sh script located in ORACLE_HOME/oracle_common/common/bin as follows : " config.cmd -target=config-oneclick " in windows and " config.sh -target=config-oneclick " in Linux.
- Prior to manually running the Configuration Wizard in Quick Start mode, you must set the CONFIG_JVM_ARGS environment variable to specify the full path and JAR file name for each template that you want to use for the domain.
To set CONFIG_JVM_ARGS on a Windows system:

set CONFIG_JVM_ARGS="-DuserTemplates=C:/Oracle/Middleware/wlserver/common/
templates/wls/wls.jar,C:/Oracle/Middleware/wlserver/common/templates/
wls/wls_webservice_jaxws.jar"

To set CONFIG_JVM_ARGS on a UNIX:

export CONFIG_JVM_ARGS="-DuserTemplates=/Oracle/Middleware/wlserver/common/
templates/wls/wls.jar,/Oracle/Middleware/wlserver/common/templates/
wls/wls_webservice_jaxws.jar"

Example -

export CONFIG_JVM_ARGS="-Djava.security.egd=file:/dev/urandom -DuserTemplates=/opt/middleware/oracle/oracle_WL_Home/wlserver/common/templates/wls/wls.jar"

Steps to create a new WLS 12.1.2.0.0 domain :

Step 1 :

- After installing Weblogic server, you can check/select " Automatically Launch the Configuration Wizard " and finish the installation. This would automatically start the configuration Wizard.

- You can also start the Configuration Wizard using config script located at :
On Windows: <MWHOME>\oracle_common\common\bin\config.cmd  ( OR " choose Start > All Programs > Oracle > Oracle Home > WebLogic Server version > Tools > Configuration Wizard. " )
On UNIX: <MWHOME>/oracle_common/common/bin/config.sh

Note :
- If you have a WLS zip installer then you need to use the configure.sh script to create a basic domain instead of the config.sh script.

Even though the config.sh script is present it will not work.
- When you run the config.cmd or config.sh command, the following error message might be displayed to indicate that the default cache directory is not valid:
*sys-package-mgr*: can't create package cache dir
You can change the cache directory by including the -Dpython.cachedir=valid_directory option in the command line.
To create a log file of the Configuration Wizard session, include the -log=config.log -log_priority=debug parameter in the command. You can specify any file name for the log file, such as config_today.log. The log file is stored in the logs directory of the Oracle Middleware home directory.
- If you cannot use GUI mode then Oracle recommends to use WLST to create a new or extended domain. 

Step 2 :

Step 3 :

- There are three template categories that you can choose from :
* All Templates ( Default )
* Oracle
* Oracle weblogic Server and Coherence

Step 4 :

Step 5 :

Step 6 :

- You now have an option to configure nodemanager in the configuration wizard.
- Nodemanager can be configured at the domain level or machine level.
- By default nodemanager would be configured at the domain level.

Step 7 :

Step 8 :

Step 9 :

Steps to DeInstall Oracle Weblogic Server 12.1.2.0.0.

Below are the steps to deinstall Oracle Weblogic Server 12.1.2.0.0 :

Note :

- You can deinstall Weblogic Server in two ways :

* Silent Mode

* GUI Mode  

- The deinstaller does not remove the JDK or any user-created data such as WebLogic domains or custom application data. Only the components that were installed by the installation program are removed by the deinstaller. 

Deinstalling WLS 12.1.2 in Silent mode :

Deinstall WLS 12.1.2 in GUI mode :
Step 1 :
Go to " ORACLE_HOME\oui\bin " directory and run deinstall script.

Step 2 :

Step 3 :

Note :
- You can save the response file for deinstaller here.
- This response file can be used to deinstall WLS in silent mode. 

Step 4 :

Step 5 :

">Step 6 :

Note :
 - After running the deinstall script, not all files / folders are removed.
- To remove all the files and folder you need to manually clean up few files as shown below :

PATH and CLASSPATH

PATH and CLASSPATH

This section explains how to use the PATH and CLASSPATH environment variables on Microsoft Windows, Solaris, and Linux. Consult the installation instructions included with your installation of the Java Development Kit (JDK) software bundle for current information.

After installing the software, the JDK directory will have the structure shown below.
JDK directory structure

The bin directory contains both the compiler and the launcher.
Update the PATH Environment Variable (Microsoft Windows)

You can run Java applications just fine without setting the PATH environment variable. Or, you can optionally set it as a convenience.

Set the PATH environment variable if you want to be able to conveniently run the executables (javac.exe, java.exe, javadoc.exe, and so on) from any directory without having to type the full path of the command. If you do not set the PATH variable, you need to specify the full path to the executable every time you run it, such as:

C:\Java\jdk1.7.0\bin\javac MyClass.java

The PATH environment variable is a series of directories separated by semicolons (;). Microsoft Windows looks for programs in the PATH directories in order, from left to right. You should have only one bin directory for the JDK in the path at a time (those following the first are ignored), so if one is already present, you can update that particular entry.

The following is an example of a PATH environment variable:

C:\Java\jdk1.7.0\bin;C:\Windows\System32\;C:\Windows\;C:\Windows\System32\Wbem

It is useful to set the PATH environment variable permanently so it will persist after rebooting. To make a permanent change to the PATH variable, use the System icon in the Control Panel. The precise procedure varies depending on the version of Windows:
Windows XP

    Select Start, select Control Panel. double click System, and select the Advanced tab.
    Click Environment Variables. In the section System Variables, find the PATH environment variable and select it. Click Edit. If the PATH environment variable does not exist, click New.
    In the Edit System Variable (or New System Variable) window, specify the value of the PATH environment variable. Click OK. Close all remaining windows by clicking OK.

Windows Vista:

    From the desktop, right click the My Computer icon.
    Choose Properties from the context menu.
    Click the Advanced tab (Advanced system settings link in Vista).
    Click Environment Variables. In the section System Variables, find the PATH environment variable and select it. Click Edit. If the PATH environment variable does not exist, click New.
    In the Edit System Variable (or New System Variable) window, specify the value of the PATH environment variable. Click OK. Close all remaining windows by clicking OK.

Windows 7:

    From the desktop, right click the Computer icon.
    Choose Properties from the context menu.
    Click the Advanced system settings link.
    Click Environment Variables. In the section System Variables, find the PATH environment variable and select it. Click Edit. If the PATH environment variable does not exist, click New.
    In the Edit System Variable (or New System Variable) window, specify the value of the PATH environment variable. Click OK. Close all remaining windows by clicking OK.

Note: You may see a PATH environment variable similar to the following when editing it from the Control Panel:

%JAVA_HOME%\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

Variables enclosed in percentage signs (%) are existing environment variables. If one of these variables is listed in the Environment Variables window from the Control Panel (such as JAVA_HOME), then you can edit its value. If it does not appear, then it is a special environment variable that the operating system has defined. For example, SystemRoot is the location of the Microsoft Windows system folder. To obtain the value of a environment variable, enter the following at a command prompt. (This example obtains the value of the SystemRoot environment variable):

echo %SystemRoot%

Update the PATH Variable (Solaris and Linux)

You can run the JDK just fine without setting the PATH variable, or you can optionally set it as a convenience. However, you should set the path variable if you want to be able to run the executables (javac, java, javadoc, and so on) from any directory without having to type the full path of the command. If you do not set the PATH variable, you need to specify the full path to the executable every time you run it, such as:

% /usr/local/jdk1.7.0/bin/javac MyClass.java

To find out if the path is properly set, execute:

% java -version

This will print the version of the java tool, if it can find it. If the version is old or you get the error java: Command not found, then the path is not properly set.

To set the path permanently, set the path in your startup file.

For C shell (csh), edit the startup file (~/.cshrc):

set path=(/usr/local/jdk1.7.0/bin $path)

For bash, edit the startup file (~/.bashrc):

PATH=/usr/local/jdk1.7.0/bin:$PATH
export PATH

For ksh, the startup file is named by the environment variable, ENV. To set the path:

PATH=/usr/local/jdk1.7.0/bin:$PATH
export PATH

For sh, edit the profile file (~/.profile):

PATH=/usr/local/jdk1.7.0/bin:$PATH
export PATH

Then load the startup file and verify that the path is set by repeating the java command:

For C shell (csh):

% source ~/.cshrc
% java -version

For ksh, bash, or sh:

% . /.profile
% java -version

Checking the CLASSPATH variable (All platforms)

The CLASSPATH variable is one way to tell applications, including the JDK tools, where to look for user classes. (Classes that are part of the JRE, JDK platform, and extensions should be defined through other means, such as the bootstrap class path or the extensions directory.)

The preferred way to specify the class path is by using the -cp command line switch. This allows the CLASSPATH to be set individually for each application without affecting other applications. Setting the CLASSPATH can be tricky and should be performed with care.

The default value of the class path is ".", meaning that only the current directory is searched. Specifying either the CLASSPATH variable or the -cp command line switch overrides this value.

To check whether CLASSPATH is set on Microsoft Windows NT/2000/XP, execute the following:

C:> echo %CLASSPATH%

On Solaris or Linux, execute the following:

% echo $CLASSPATH

If CLASSPATH is not set you will get a CLASSPATH: Undefined variable error (Solaris or Linux) or simply %CLASSPATH% (Microsoft Windows NT/2000/XP).

To modify the CLASSPATH, use the same procedure you used for the PATH variable.

Class path wildcards allow you to include an entire directory of .jar files in the class path without explicitly naming them individually. For more information, including an explanation of class path wildcards, and a detailed description on how to clean up the CLASSPATH environment variable, see the Setting the Class Path technical note in Oracle documentation.

- Srikanth Govada