In this episode of our WSO2 tutorial: when you want to use WSO2 products for anything other than a local test, the default passwords need to be changed. The most prominent is the admin password (conveniently chosen as ‘admin’) for the ‘super admin’ of the WSO2 product. This is done in the Management Console on the Configure tab, under Users & Roles. We will explain how to change this password in two ways: first if you know the current admin password, and second if you do not.
User-mgt.xml
As you may know, in some config files WSO2 passwords are stored in plain text. There is also an entry in the user-mgt.xml file in the /repository/conf folder for the admin password. This is however only used once, at the first startup. After that the password is stored in the primary user store. So you can only change it (where the change is actually effective) before you start the product for the first time.
If you still know the admin password, changing it is quite easy.
This is done via the Management Console of the WSO2 product that you are using, which is available through the browser. If you installed the product on your own PC without any changes in port offset, you can access it via https://localhost:9943/carbon. Log in with the admin credentials (default is admin / admin), go to the Configure tab and select Users and Roles.
After that, select Change My password.
You enter the current password and the new password to change it. As a side note, the administrator is the only one who can change a user’s password without having to know the old password.
Although you can go to Users and find the admin user, you cannot change the password that way (without typing in the current password). You will get an error when you try that.
I do not know the admin password
If you have forgotten the admin password (and therefore cannot access the Management Console) not everything is lost. Just follow the instructions for Changing User Passwords in the Carbon Database.
Basically, you will use a .BAT file or .SH script to change the password. This file can be found in the /bin directory and is called chpasswd.bat (or .sh). What that script does is call the ANT program (to build a Java .JAR file) from the build.xml file in the bin directory. In this process an application is built that is able to overwrite the password directly in the user table of the WSO2CARBON_DB database that you will find in the $CARBON_HOME/repository/database directory. More information about the WSO2 Carbon framework can be found here.
The command line options available for chpasswd are as follows:
| Command Line Option | Description | Mandatory? |
|---|---|---|
| --db-url | The database URL | Yes |
| --db-driver | The database driver class | No |
| --db-username | The username for the database | No |
| --db-password | The password for the database | No |
| --username | The username of the user whose password is to be changed. | No |
| --new-password | The new password of the user whose password is to be changed. | No |
For example,
chpasswd --db-url "jdbc:h2:$CARBON_HOME/repository/database/WSO2CARBON_DB"
On Windows: chpasswd.bat --db-url "jdbc:h2:$CARBON_HOME\repository\database\WSO2CARBON_DB"
If you omit for instance the username or new password you will be prompted for them.
The following message is displayed if the password is updated successfully:
Password of user [username] updated successfully
Configuration of passwords
The user-mgt.xml file also contains the regular expressions (RegEx for short) that govern the length and strength of passwords as well as the length of usernames.
Below you will see the expressions:
<Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
<Property name="UsernameJavaRegEx">^[^~!#$;%^*+={}|<>,'"]{3
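
As an added example (not code from the original article or from WSO2), the following Python script audits a user-mgt.xml before first startup: it flags an admin password left at its default and tests whether PasswordJavaRegEx admits obviously weak passwords. The sample XML and the probe list are constructed, the AdminUser/UserName/Password element layout is an assumption about the file, and the pattern is assumed to use regex syntax that Java and Python share.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on a user-mgt.xml (assumed layout, not a real deployment).
SAMPLE_USER_MGT = r"""
<UserManager>
  <Realm>
    <Configuration>
      <AdminUser>
        <UserName>admin</UserName>
        <Password>admin</Password>
      </AdminUser>
    </Configuration>
    <UserStoreManager>
      <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
    </UserStoreManager>
  </Realm>
</UserManager>
"""

# Constructed probe list: passwords no production policy should accept.
WEAK_PROBES = ["admin", "12345", "password", "aaaaa"]

def audit_user_mgt(xml_text):
    """Return findings for the admin entry and the password regex."""
    root = ET.fromstring(xml_text)
    findings = []
    user = root.findtext(".//AdminUser/UserName", default="").strip()
    password = root.findtext(".//AdminUser/Password", default="").strip()
    # Flag the shipped default and the username-equals-password case.
    if password and password in ("admin", user):
        findings.append("default-admin-password")
    prop = root.find(".//Property[@name='PasswordJavaRegEx']")
    if prop is None or not (prop.text or "").strip():
        findings.append("no-password-regex")
        return findings
    # Assumption: the pattern uses syntax common to Java and Python regexes.
    policy = re.compile(prop.text.strip())
    accepted = [p for p in WEAK_PROBES if policy.fullmatch(p)]
    if accepted:
        findings.append("regex-accepts-weak:" + ",".join(accepted))
    return findings

if __name__ == "__main__":
    for finding in audit_user_mgt(SAMPLE_USER_MGT):
        print(finding)
```

An empty result means neither check fired; it does not prove the policy is strong, only that it rejects the probes listed.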