
WSO2TORIAL: Changing passwords in WSO2

Yenlo

In this episode of our WSO2 tutorial: when you want to use WSO2 products for anything other than a local test, the default passwords need to be changed. The most prominent is the admin password (conveniently chosen as 'admin') for the 'super admin' of the WSO2 product. This is done in the Management Console on the Configure tab, under Users & Roles. We will explain how to change this password in two ways: first if you know the current admin password, and second if you do not.


User-mgt.xml

As you may know, in some config files WSO2 passwords are stored in plain text. There is also an entry in the user-mgt.xml file in the /repository/conf folder for the admin password. This is however only used once, at the first startup. After that the password is stored in the primary user store. So you can only change it (where the change is actually effective) before you start the product for the first time.


If you still know the admin password, changing it is quite easy.

This is done via the Management Console of the WSO2 product you are using, which is available through the browser. If you installed the product on your own PC without any change to the port offset, you can access it via https://localhost:9443/carbon. Log in with the admin credentials (the default is admin / admin), go to the Configure tab and select Users and Roles.


After that, select Change My password.


You enter the current password and the new password to change it. As a side note, the administrator is the only one who can change a user’s password without having to know the old password.

Although you can go to Users and find the admin user, you cannot change the password that way (without typing in the current password). You will get an error when you try that.


I do not know the admin password

If you have forgotten the admin password (and therefore cannot access the Management Console) not everything is lost. Just follow the instructions for Changing User Passwords in the Carbon Database.

Basically, you will use a .bat file or .sh script to change the password. This file can be found in the /bin directory and is called chpasswd.bat (or chpasswd.sh). The script calls Ant (to build a Java .jar file) using the build.xml file in the bin directory. In this process an application is built that is able to overwrite the password directly in the user table of the WSO2CARBON_DB database, which you will find in the $CARBON_HOME/repository/database directory. More information about the WSO2 Carbon framework can be found here.

The command line options available for chpasswd are as follows:

| Command Line Option | Description | Mandatory? |
| --- | --- | --- |
| --db-url | The database URL | Yes |
| --db-driver | The database driver class | No |
| --db-username | The username for the database | No |
| --db-password | The password for the database | No |
| --username | The username of the user whose password is to be changed. If this is not given, you will be prompted for this field later. | No |
| --new-password | The new password of the user whose password is to be changed. If this is not given, you will be prompted for this field later. | No |

For example,

chpasswd --db-url "jdbc:h2:$CARBON_HOME/repository/database/WSO2CARBON_DB"

On Windows: chpasswd.bat --db-url "jdbc:h2:$CARBON_HOME\repository\database\WSO2CARBON_DB"

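If you omit, for instance, the username or the new password, you will be prompted for them. Entering the new password at the prompt rather than with --new-password also keeps it out of the shell history and the process list.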

The following message is displayed if the password is updated successfully:

Password of user [username] updated successfully

Configuration of passwords

The user-mgt.xml file also contains the rules that govern the length and strength of passwords as well as the length of usernames. All of these are captured in what is called a Regular Expression (or RegEx for short).

Below you will see the expressions:

<Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>

<Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>

<Property name="UsernameJavaRegEx">^[^~!#$;%^*+={}|&lt;&gt;,'"]{3
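An added example, not from the original post or from WSO2: a small audit that reads a user-mgt.xml and reports an admin entry that still carries a default-style password and password expressions that accept weak passwords. The sample XML and the weak-password list are constructed, the AdminUser/UserName/Password element layout is an assumption, and Python's re module stands in for the Java regex engine.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on user-mgt.xml; not copied from a real deployment.
# The AdminUser/UserName/Password layout is an assumption of this example.
SAMPLE_USER_MGT = r"""<UserManager><Realm>
  <Configuration>
    <AdminUser><UserName>admin</UserName><Password>admin</Password></AdminUser>
  </Configuration>
  <UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
    <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
    <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
  </UserStoreManager>
</Realm></UserManager>"""

# Passwords a production policy should reject (constructed list, extend as needed).
WEAK_CANDIDATES = ["admin", "12345", "password", "wso2carbon"]

def audit_user_mgt(xml_text):
    """Return findings for the admin entry and the password expressions."""
    root = ET.fromstring(xml_text)
    findings = []
    admin = root.find(".//AdminUser")
    if admin is not None:
        user = (admin.findtext("UserName") or "").strip()
        pw = (admin.findtext("Password") or "").strip()
        # Flag 'admin' and passwords equal to the username.
        if pw and pw.lower() in {"admin", user.lower()}:
            findings.append(f"admin user '{user}' still has a default-style password")
    for prop in root.iter("Property"):
        name = prop.get("name", "")
        if name in ("PasswordJavaRegEx", "PasswordJavaScriptRegEx"):
            pattern = (prop.text or "").strip()
            # fullmatch mirrors a whole-string match against the expression.
            accepted = [c for c in WEAK_CANDIDATES if re.fullmatch(pattern, c)]
            if accepted:
                findings.append(f"{name} {pattern} accepts weak passwords: {accepted}")
    return findings

if __name__ == "__main__":
    for finding in audit_user_mgt(SAMPLE_USER_MGT):
        print("FINDING:", finding)
```

The admin-entry finding only matters before the first startup; after that the password lives in the primary user store, as described above.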
