Tuesday, October 24, 2017

Encrypt and Decrypt text in Weblogic

Encryption and Decryption in Weblogic

There are two ways to encrypt a value and only one way to decrypt it.

Opt 1: weblogic.security.Encrypt (encrypt only)

. /u01/app/oracle/product/fmw/user_projects/domains/<your domain>/bin/setDomainEnv.sh
java weblogic.security.Encrypt <cleartext to encrypt, e.g. a password, without quotes>

The utility encrypts with the key in the domain's SerializedSystemIni.dat, so run it from the domain directory (or pass -Dweblogic.RootDirectory=<your domain>); a value encrypted in one domain cannot be decrypted in another. Decryption is not applicable here: there is no weblogic.security.Decrypt counterpart.
Opt 2: WLST (encrypts and decrypts)

WLST can call the domain's encryption service directly, which gives the decrypt that option 1 lacks. Set domain to the directory that contains security/SerializedSystemIni.dat; the same session handles both directions:

/u01/app/oracle/product/fmw/wlserver_10.3/common/bin/wlst.sh
wls:/offline> domain="/u01/app/oracle/domains/<your domain>"
wls:/offline> service = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domain)
wls:/offline> encryption = weblogic.security.internal.encryption.ClearOrEncryptedService(service)
wls:/offline> print encryption.encrypt("Welcome1")
{AES}DY2vfJ80wx72i8GUhNYFgiPsxr2ImFBrpOmUYcfMFBo=
wls:/offline> print encryption.decrypt("{AES}DY2vfJ80wx72i8GUhNYFgiPsxr2ImFBrpOmUYcfMFBo=")
Welcome1

Anyone who can read SerializedSystemIni.dat can decrypt every {AES} value in the domain (boot.properties, config.xml, the JDBC descriptors) exactly like this, so the file permissions on the domain's security directory are what actually protect those credentials.


If you get the error shown below, the encrypted password in boot.properties most likely has a stray "/" just before its trailing "=". The part after the {AES} prefix is base64, and the extra character gives the payload an invalid length, so the decrypt fails before the key is even used.

For example, if the encrypted password reads "{AES}7KmECUnp+AwDeuDSvXw4MlvyoQfoR7uGEequQKVW2wE/=",
change it to:
"{AES}7KmECUnp+AwDeuDSvXw4MlvyoQfoR7uGEequQKVW2wE="

Traceback (innermost last):
  File "<console>", line 1, in ?
        at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptBytes(JSafeEncryptionServiceImpl.java:139)
        at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptString(JSafeEncryptionServiceImpl.java:187)
        at weblogic.security.internal.encryption.ClearOrEncryptedService.decrypt(ClearOrEncryptedService.java:96)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
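The WLST decrypt from option 2 and the stray-character check above fit in one small script. This is an added example and not part of the original post: it pulls the encrypted username and password out of boot.properties, checks that each {AES} value is well-formed base64 before WLST ever sees it (the "{AES}...E/=" case fails the length test), and only then hands the values to ClearOrEncryptedService.decrypt through a generated WLST script. Assumptions that are not from the page: the Admin Server is named AdminServer, boot.properties lives at servers/AdminServer/security/boot.properties, a coreutils base64 is on the PATH, and the path to wlst.sh is passed as the second argument.

```shell
#!/bin/sh
# Added example (not from the original post).  Validate WebLogic {AES}/{3DES}
# tokens before decrypting them with WLST, so a stray character in
# boot.properties is reported here instead of as a Jython traceback.
# Assumptions: POSIX sh, coreutils base64, Admin Server named "AdminServer".

# Print the value of KEY= from a Java properties file (first match only).
prop_value() {                       # prop_value FILE KEY
  sed -n "s/^[[:space:]]*$2=//p" "$1" | head -n 1
}

# Return 0 if TOKEN is a well-formed encrypted value, 1 (with the reason on
# stderr) otherwise.  The "{AES}...E/=" value from the post fails here: the
# extra character makes the base64 payload 45 characters, not a multiple of 4.
wls_token_check() {                  # wls_token_check TOKEN
  token=$1
  case $token in
    '{AES}'*)  payload=${token#"{AES}"} ;;
    '{3DES}'*) payload=${token#"{3DES}"} ;;
    *) echo "no {AES}/{3DES} prefix: $token" >&2; return 1 ;;
  esac
  case $payload in
    '')                echo "empty payload" >&2; return 1 ;;
    *[!A-Za-z0-9+/=]*) echo "non-base64 character in payload" >&2; return 1 ;;
    *=*[!=]*)          echo "'=' padding is not at the end" >&2; return 1 ;;
  esac
  if [ $(( ${#payload} % 4 )) -ne 0 ]; then
    echo "payload length ${#payload} is not a multiple of 4 (stray character?)" >&2
    return 1
  fi
  printf '%s' "$payload" | base64 -d >/dev/null 2>&1 \
    || { echo "payload does not base64-decode" >&2; return 1; }
}

# Decrypt the boot identity of DOMAIN_DIR with WLST_SH.  Clear-text values
# (a boot.properties that has not been through a first start yet) are passed
# through unchecked, which is also what ClearOrEncryptedService does.
decrypt_boot_identity() {            # decrypt_boot_identity DOMAIN_DIR WLST_SH
  domain=$1 wlst=$2
  props=$domain/servers/AdminServer/security/boot.properties
  [ -r "$props" ] || { echo "cannot read $props" >&2; return 1; }
  enc_user=$(prop_value "$props" username)
  enc_pw=$(prop_value "$props" password)
  for v in "$enc_user" "$enc_pw"; do
    case $v in
      '{'*) wls_token_check "$v" || return 1 ;;
    esac
  done
  script=$(mktemp) || return 1
  # Same calls as the interactive WLST session in the post, as a script file.
  cat >"$script" <<EOF
from weblogic.security.internal import SerializedSystemIni
from weblogic.security.internal.encryption import ClearOrEncryptedService
svc = ClearOrEncryptedService(SerializedSystemIni.getEncryptionService("$domain"))
print "username:", svc.decrypt("$enc_user")
print "password:", svc.decrypt("$enc_pw")
EOF
  "$wlst" "$script"
  status=$?
  rm -f "$script"
  return $status
}

# Usage: sh decrypt-boot.sh /u01/app/oracle/domains/<your domain> \
#            /u01/app/oracle/product/fmw/wlserver_10.3/common/bin/wlst.sh
if [ $# -eq 2 ]; then
  decrypt_boot_identity "$1" "$2"
fi
```

The decrypted identity is printed after WLST's own banner lines. The script deliberately refuses to call WLST when a token is malformed, so the error message names the bad value and the reason rather than the JSafeEncryptionServiceImpl frames shown above.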

Saturday, October 7, 2017

Cannot read the default policy store. config/fmwconfig/work/AdminServer/policyA/mac Permission denied


The OIM WebLogic Admin Server failed to start with the error below. Sometimes the Admin Server starts but a managed server fails to restart with a similar error.

<Notice> <Log Management> <BEA-170019> <The server log file /u01/app/oracle/product/fmw/user_projects/domains/oim_domain/servers/AdminServer/logs/AdminServer.log is opened. All server side log events will be written to this file.>
Dec 10, 2017 2:04:16 AM oracle.security.jps.az.internal.runtime.service.PDPServiceImpl oracle.security.jps.az.internal.runtime.service.PDPServiceImpl
SEVERE: Cannot read the default policy store.
oracle.security.jps.service.policystore.PolicyStoreException: java.io.FileNotFoundException: /u01/app/oracle/product/fmw/user_projects/domains/oim_domain/config/fmwconfig/work/AdminServer/policyA/mac (Permission denied)
        at oracle.security.jps.az.internal.runtime.pd.receiver.FileCacheHelper.writeStateCheck(FileCacheHelper.java:241)
        at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused by: java.io.FileNotFoundException: /u01/app/oracle/product/fmw/user_projects/domains/oim_domain/config/fmwconfig/work/AdminServer/policyA/mac (Permission denied)
        at java.io.FileOutputStream.open(Native Method)
        at java.io.FileOutputStream.<init>(FileOutputStream.java:221)
        at java.io.FileOutputStream.<init>(FileOutputStream.java:171)
        at oracle.security.jps.az.internal.runtime.pd.receiver.FileCacheHelper.writeMac(FileCacheHelper.java:633)
        at oracle.security.jps.az.internal.runtime.pd.receiver.FileCacheHelper.writeMac(FileCacheHelper.java:606)

Resolution:

- Change the owner of the file from root to oracle (or whichever user runs the domain):

  $ chown oracle:oracle /u01/app/oracle/product/fmw/user_projects/domains/oim_domain/config/fmwconfig/work/AdminServer/policyA/mac

- Check the rest of the domain for root-owned files as well. The mac file is only the first one the server trips over; anything else the root-started server wrote (logs, tmp, the policy cache) fails the same way on the next start as oracle.

- Move aside (keep a backup of) the stage, data, tmp and cache folders under servers/AdminServer. Do the same for any managed server that was also started as root after the Admin Server. Do not discard the backup of data: on the Admin Server, data/ldap is the master copy of the embedded LDAP (the default realm's users, groups and roles).

- Restart the Admin Server, then the managed servers, as the domain owner.

Cause:

- The Admin Server was started as root, so the files it created or rewrote (such as the policy cache file above) are owned by root and can no longer be opened for writing when the server is started as oracle.
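The resolution above can be scripted so the whole domain is checked rather than just the one file named in the trace. This is an added example and not part of the original post: it lists every path under the domain that is not owned by the expected uid, re-owns them to the domain owner, moves a server's stage, data, tmp and cache directories into a dated backup instead of deleting them, and provides a guard that the start scripts can call so the cause (starting as root) does not recur. Assumptions that are not from the page: POSIX sh with GNU or BSD find (for -uid), domain and server paths passed as arguments, and the script run as root or as the domain owner.

```shell
#!/bin/sh
# Added example (not from the original post).  Repair a WebLogic domain that
# was started as root: find root-owned leftovers, re-own them, and set aside
# the server's runtime directories.  Assumptions: POSIX sh, find with -uid,
# run as root (or as the domain owner when nothing needs re-owning).

# Print every path under DOMAIN_DIR whose owner is not uid WANT_UID.
foreign_owned() {                  # foreign_owned DOMAIN_DIR WANT_UID
  find "$1" ! -uid "$2" -print
}

# Re-own everything under DOMAIN_DIR not owned by USER to USER:GROUP and print
# how many paths were changed.  Generalises the single chown in the post: the
# policy cache "mac" file is only one of the files a root-started server writes.
reown_domain() {                   # reown_domain DOMAIN_DIR USER GROUP
  uid=$(id -u "$2") || return 1
  n=$(foreign_owned "$1" "$uid" | wc -l | tr -d ' ')
  find "$1" ! -uid "$uid" -exec chown "$2:$3" {} + || return 1
  echo "$n"
}

# Move SERVER_DIR's stage, data, tmp and cache into BACKUP_ROOT/<server>.<stamp>
# and print that backup directory.  Moved rather than deleted: data/ldap on
# the Admin Server is the master copy of the embedded LDAP (default realm
# users, groups and roles), so the backup is not optional.
stash_server_dirs() {              # stash_server_dirs SERVER_DIR BACKUP_ROOT
  server=$1
  dest=$2/$(basename "$server").$(date +%Y%m%d%H%M%S)
  mkdir -p "$dest" || return 1
  for sub in stage data tmp cache; do
    if [ -e "$server/$sub" ]; then
      mv "$server/$sub" "$dest/" || return 1
    fi
  done
  echo "$dest"
}

# Guard for the start scripts.  The root cause in the post was a start as
# root; calling this at the top of a wrapper around startWebLogic.sh stops
# the same mistake from producing the same root-owned files again.
refuse_root() {
  if [ "$(id -u)" -eq 0 ]; then
    echo "refusing to start WebLogic as root; switch to the domain owner first" >&2
    return 1
  fi
}

# Full repair: re-own the domain, then stash runtime dirs of each named server.
repair_domain() {                  # repair_domain DOMAIN_DIR USER GROUP SERVER...
  domain=$1 user=$2 group=$3
  shift 3
  changed=$(reown_domain "$domain" "$user" "$group") || return 1
  echo "re-owned $changed path(s) under $domain to $user:$group"
  for srv in "$@"; do
    bk=$(stash_server_dirs "$domain/servers/$srv" "$domain/backup") || return 1
    echo "$srv: stage/data/tmp/cache moved to $bk"
  done
  echo "now restart the Admin Server, then the managed servers, as $user"
}

# Usage: sh repair-domain.sh /u01/app/oracle/product/fmw/user_projects/domains/oim_domain \
#            oracle oracle AdminServer <managed server> ...
if [ $# -ge 4 ]; then
  repair_domain "$@"
fi
```

foreign_owned on its own is the quick check to run before the fix: if it prints anything when given the domain owner's uid, the domain has been touched by another account, and the list tells you which files, not just the one in the stack trace.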