How To
Summary
This article shows how to set up a custom password encryption for WebSphere Liberty
Environment
- This article was tested with WebSphere Liberty 21.0.0.1 on Windows 10.
- In this example, server name is "test"
Steps
Directory | File | Notes | |
\wlp\usr\extension\lib | com.ibm.websphere.crypto.sample.customencryption_1.0.jar | This file contains the custom encryption logic. | |
\wlp\usr\extension\lib\features | customEncryption-1.0.mf | This file makes Liberty aware there is a user feature. | |
\wlp\usr\servers\(server_name) | server.xml |
\wlp\usr\servers\test\server.xml
The server name in this example is "test"
|
|
\wlp\bin\tools\extensions\ws-customPasswordEncryption | customEncryption.jar | This file tells securityUtility to use the user feature. |
<?xml version="1.0" encoding="UTF-8"?>
<server description="new server">
<!-- Enable features -->
<featureManager>
<feature>webProfile-8.0</feature>
<feature>usr:customEncryption-1.0</feature>
</featureManager>
<!-- To access this server from a remote client add a host attribute to the following element, e.g. host="*" -->
<httpEndpoint id="defaultHttpEndpoint"
httpPort="9080"
httpsPort="9443" />
<!-- Automatically expand WAR files and EAR files -->
<applicationManager autoExpand="true"/>
<keyStore id="defaultKeyStore" password="secret" />
<!-- keyStore id="defaultKeyStore" password="{custom}OhT339Bw3wymUcP92Mkz+Q==" /-->
</server>
[2/11/21 16:56:50:292 EST] 00000020 com.ibm.ws.crypto.util.PasswordCipherUtil I CWWKS1850I: The custom password encryption service has started. The class name is com.ibm.websphere.crypto.sample.customencryption.CustomEncryptionImpl.
[2/11/21 16:56:52:776 EST] 0000002d com.ibm.ws.kernel.feature.internal.FeatureManager A CWWKF0012I: The server installed the following features: [appSecurity-2.0, appSecurity-3.0, beanValidation-2.0, cdi-2.0, distributedMap-1.0, ejbLite-3.2, el-3.0, jaspic-1.1, jaxrs-2.1, jaxrsClient-2.1, jdbc-4.2, jndi-1.0, jpa-2.2, jpaContainer-2.2, jsf-2.3, jsonb-1.0, jsonp-1.1, jsp-2.3, managedBeans-1.0, servlet-4.0, ssl-1.0, usr:customEncryption-1.0, webProfile-8.0, websocket-1.1].
C:\wlp\bin > securityUtility encode --listCustom
[{"name":"custom","featurename":"usr:customEncryption-1.0","description":"%description"}]
C:\wlp-21.0.0.1\wlp\bin > securityUtility encode --encoding=custom secret
{custom}OhT339Bw3wymUcP92Mkz+Q==
<!-- keyStore id="defaultKeyStore" password="secret" /-->
<keyStore id="defaultKeyStore" password="{custom}OhT339Bw3wymUcP92Mkz+Q==" />
[3/31/21 21:37:32:638 EDT] 00000029 com.ibm.ws.ssl.config.WSKeyStore I Successfully loaded default keystore: c:/LibertyRuntime/wlp-webProfile8-21.0.0.1/wlp/usr/servers/test/resources/security/key.p12 of type: PKCS12 |
Additional Information
- com.ibm.websphere.crypto.sample.customencryption_1.0.jar
- customEncryption-1.0.mf
- server.xml
- customEncryption.jar
Related Information
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
31 March 2021
UID
ibm16439321