Weblogic WLST storeuserconfig – Security Best Practice
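Overview
When connecting to the WebLogic Scripting Tool (WLST), or when running any WLST script, we may end up using a plaintext username and password, which creates a potential security risk.
To avoid this, Oracle recommends using a UserConfigFile and a UserKeyFile.
The best example of using these key files is when calling the connect() method to enter WLST online mode.
So, instead of calling connect with plaintext credentials: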
connect("username","password","t3://localhost:7001")
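you can use:
connect(userConfigFile='/home/aksarav/myuserconfigfile.secure', userKeyFile='/home/aksarav/myuserkeyfile.secure', url='t3://localhost:7001')
This is how you use the connect method in WLST to connect securely to the Admin Server.
How to create these files in a simple way:
How to use these files?
There is a built-in method named storeUserConfig().
You can run it in WLST interactive mode or in script mode.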
[weblogic@zjtlcb bin]$ java weblogic.WLST
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
wls:/offline> connect()
Please enter your username :weblogic
Please enter your password :weblogic1
Please enter your server URL [t3://localhost:7001] :
Connecting to t3://localhost:7001 with userid weblogic ...
Successfully connected to Admin Server 'AdminServer' that belongs to domain 'base_domain'.
Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.
wls:/base_domain/serverConfig>
wls:/base_domain/serverConfig> storeUserConfig()
Creating the key file can reduce the security of your system if it is not kept in a secured location after it is created. Do you want to create the key file? y or ny
The username and password that were used for this WebLogic Server connection are stored in /home/weblogic/weblogic-WebLogicConfig.properties and /home/weblogic/weblogic-WebLogicKey.properties.
wls:/base_domain/serverConfig> wls:/base_domain/serverConfig> wls:/base_domain/serverConfig>
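As you can see in the preceding command snippet, you only need to call the storeUserConfig() method to create the user configuration file and the user key file in your home directory.
You can also specify the path and file name of the user configuration file and the user key file, as shown below: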
wls:/mwidomain/serverConfig/> storeUserConfig('/tmp/myuserconfigfile.secure', '/tmp/myuserkeyfile.secure')
Creating the key file can reduce the security of your system if it is not kept in a secured location after it is created. Creating new key...
The username and password that were used for this WebLogic Server connection are stored in /tmp/myuserconfigfile.secure and /tmp/myuserkeyfile.secure.
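WLST warns that the key file must be kept in a secured location: the user configuration file holds the encrypted credentials and the key file holds the key that decrypts them, so anyone who can read both can connect as that user. The following permission check is an added example, not part of the original post; the function names are hypothetical and it assumes a POSIX host.

```python
import os
import stat
import sys
import tempfile


def audit_credential_file(path):
    """Return permission findings for one storeUserConfig() output file."""
    findings = []
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    # The config file holds the encrypted credentials and the key file holds
    # the key that decrypts them, so both must be accessible by the owner only.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("group/other access allowed (mode %o)" % mode)
    if st.st_uid != os.geteuid():
        findings.append("not owned by the user running the check")
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & stat.S_IWOTH:
        findings.append("parent directory is world-writable")
    return findings


def audit_pair(config_file, key_file):
    """Audit both files; returns {path: [findings]} (empty list = clean)."""
    return {p: audit_credential_file(p) for p in (config_file, key_file)}


if __name__ == "__main__":
    if len(sys.argv) == 3:
        pair = sys.argv[1:3]
    else:
        # Constructed sample: stand-in files in a private temp directory,
        # one created correctly (0600) and one left world-readable (0644).
        d = tempfile.mkdtemp()
        pair = [os.path.join(d, n) for n in ("userconfig.secure", "userkey.secure")]
        for p, m in zip(pair, (0o600, 0o644)):
            open(p, "w").close()
            os.chmod(p, m)
    report = audit_pair(*pair)
    for path, findings in report.items():
        print("%s: %s" % (path, "; ".join(findings) or "OK"))
    sys.exit(1 if any(report.values()) else 0)
```

Run it with the two paths passed to storeUserConfig() as arguments; a non-zero exit status means at least one file needs `chmod 600` or a move to a directory only the WebLogic user can write to.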
connect(userConfigFile='/app/oracle/scripts/userconfig.secure',
userKeyFile='/app/oracle/scripts/userkey.secure',
url='t3://testwls01:7001')
[weblogic@zjtlcb bin]$ cat test_wlst_secure.py
from java.util import *
from javax.management import *
import javax.management.Attribute

print 'starting the script .... '

# Credentials are read from the files created by storeUserConfig(),
# so no plaintext username or password appears in this script.
connect(userConfigFile='/tmp/myuserconfigfile.secure',
        userKeyFile='/tmp/myuserkeyfile.secure',
        url='t3://127.0.0.1:7001')

ls()

# Application deployments
aa = get('AppDeployments')
print type(aa)
for x in aa:
    print x

# Servers in the domain
bb = get('Servers')
print bb
print type(bb)
for x in bb:
    print x

print '-------------------------'
print get('AdminConsole')

cc = get('JDBCStores')
for x in cc:
    print x

dd = get('JoltConnectionPools')
for x in dd:
    print x

ee = get('JMX')
print ee

ff = get('JMSSystemResources')
for x in ff:
    print x

# JVM runtime MBeans
jvmrtlist = home.getMBeansByType('JVMRuntime')
print jvmrtlist
print type(jvmrtlist)
print dir(jvmrtlist)
for jvmRT in jvmrtlist:
    print jvmRT
    print type(jvmRT)

disconnect()
exit()