通過修改jdbc配置檔案方式修改Weblogic資料來源密碼

neverinit發表於2017-07-22
JDBCWeb密碼
注:假定環境中其中一個的weblogic域名為cams,資料來源為CAMSDB

(1)直接修改weblogic的資料來源配置檔案中密文密碼為最新的明文密碼【首次嘗試,以失敗告終,weblogic並沒用將JDBC配置檔案中的密碼從明文自動轉化成為密文,並遇到了新問題】
進入JDBC配置檔案所在路徑
[cams@mymc1 jdbc]$ cd /home/cams/bea/middleware/user_projects/domains/cams/config/jdbc
開啟配置檔案並進行修改
[cams@mymc1 jdbc]$ vi CAMSDB-2211-jdbc.xml
將XXX中的密文密碼改為明文密碼

然後啟動weblogic域,並檢視啟動日誌
[cams@mymc1 jdbc]$ cd /home/cams/bea/middleware/user_projects/domains/cams
[cams@mymc1 jdbc]$ nohup ./startWebLogic.sh &
[cams@mymc1 jdbc]$ tail -f nohup.out

發現如下報錯資訊:

  1. <2016-9-12 下午10時22分47秒 CST> <Error> <J2EE> <BEA-160197> <Unable to load descriptor java.net.URLClassLoader@6639c8c1/null of module null. The error is weblogic.descriptor.DescriptorException: Unmarshaller failed
  2.     at weblogic.descriptor.internal.MarshallerFactory$1.createDescriptor(MarshallerFactory.java:161)
  3.     at weblogic.descriptor.BasicDescriptorManager.createDescriptor(BasicDescriptorManager.java:323)
  4.     at weblogic.application.descriptor.AbstractDescriptorLoader2.getDescriptorBeanFromReader(AbstractDescriptorLoader2.java:788)
  5.     at weblogic.application.descriptor.AbstractDescriptorLoader2.createDescriptorBean(AbstractDescriptorLoader2.java:409)
  6.     at weblogic.application.descriptor.AbstractDescriptorLoader2.loadDescriptorBeanWithoutPlan(AbstractDescriptorLoader2.java:759)
  7.     at weblogic.application.descriptor.AbstractDescriptorLoader2.loadDescriptorBean(AbstractDescriptorLoader2.java:768)
  8.     at weblogic.jdbc.module.JDBCDeploymentHelper.getJDBCDataSourceBean(JDBCDeploymentHelper.java:186)
  9.     at weblogic.jdbc.module.JDBCDeploymentHelper.createJDBCDataSourceDescriptor(JDBCDeploymentHelper.java:51)
  10.     at weblogic.management.mbeans.custom.JDBCSystemResource.loadDescriptor(JDBCSystemResource.java:60)
  11.     at weblogic.management.mbeans.custom.ConfigurationExtension.getExtensionRoot(ConfigurationExtension.java:178)
  12.     at weblogic.management.mbeans.custom.JDBCSystemResource.getJDBCResource(JDBCSystemResource.java:45)
  13.     at weblogic.management.mbeans.custom.JDBCSystemResource._postCreate(JDBCSystemResource.java:50)
  14.     at weblogic.management.configuration.JDBCSystemResourceMBeanImpl._postCreate(JDBCSystemResourceMBeanImpl.java:355)
  15.     at weblogic.descriptor.internal.AbstractDescriptorBean._postCreate(AbstractDescriptorBean.java:670)
  16.     at weblogic.management.configuration.DomainMBeanImpl.setJDBCSystemResources(DomainMBeanImpl.java:11820)
  17.     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  18.     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  19.     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  20.     at java.lang.reflect.Method.invoke(Method.java:597)
  21.     at com.bea.staxb.runtime.internal.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:48)
  22.     at com.bea.staxb.runtime.internal.RuntimeBindingType$BeanRuntimeProperty.setValue(RuntimeBindingType.java:539)
  23.     at com.bea.staxb.runtime.internal.AttributeRuntimeBindingType$QNameRuntimeProperty.fillCollection(AttributeRuntimeBindingType.java:381)
  24.     at com.bea.staxb.runtime.internal.MultiIntermediary.getFinalValue(MultiIntermediary.java:52)
  25.     at com.bea.staxb.runtime.internal.AttributeRuntimeBindingType.getFinalObjectFromIntermediary(AttributeRuntimeBindingType.java:140)
  26.     at com.bea.staxb.runtime.internal.UnmarshalResult.unmarshalBindingType(UnmarshalResult.java:200)
  27.     at com.bea.staxb.runtime.internal.UnmarshalResult.unmarshalDocument(UnmarshalResult.java:169)
  28.     at com.bea.staxb.runtime.internal.UnmarshallerImpl.unmarshal(UnmarshallerImpl.java:65)
  29.     at weblogic.descriptor.internal.MarshallerFactory$1.createDescriptor(MarshallerFactory.java:150)
  30.     at weblogic.descriptor.BasicDescriptorManager.createDescriptor(BasicDescriptorManager.java:323)
  31.     at weblogic.management.provider.internal.DescriptorManagerHelper.loadDescriptor(DescriptorManagerHelper.java:68)
  32.     at weblogic.management.provider.internal.RuntimeAccessImpl$IOHelperImpl.parseXML(RuntimeAccessImpl.java:690)
  33.     at weblogic.management.provider.internal.RuntimeAccessImpl.parseNewStyleConfig(RuntimeAccessImpl.java:270)
  34.     at weblogic.management.provider.internal.RuntimeAccessImpl.<init>(RuntimeAccessImpl.java:115)
  35.     at weblogic.management.provider.internal.RuntimeAccessService.start(RuntimeAccessService.java:41)
  36.     at weblogic.t3.srvr.ServerServicesManager.startService(ServerServicesManager.java:461)
  37.     at weblogic.t3.srvr.ServerServicesManager.startInStandbyState(ServerServicesManager.java:166)
  38.     at weblogic.t3.srvr.T3Srvr.initializeStandby(T3Srvr.java:881)
  39.     at weblogic.t3.srvr.T3Srvr.startup(T3Srvr.java:568)
  40.     at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:469)
  41.     at weblogic.Server.main(Server.java:71)
  42. Caused by: com.bea.xml.XmlException: java.lang.IllegalArgumentException: In production mode, it's not allowed to set a clear text value to the property: PasswordEncrypted of JDBCDriverParamsBean
  43.     at com.bea.staxb.runtime.internal.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:54)
  44.     at com.bea.staxb.runtime.internal.RuntimeBindingType$BeanRuntimeProperty.setValue(RuntimeBindingType.java:539)
  45.     at com.bea.staxb.runtime.internal.ByNameRuntimeBindingType$ElementQNameProperty.fill(ByNameRuntimeBindingType.java:351)
  46.     at com.bea.staxb.runtime.internal.LiteralUnmarshalResult.extractAndFillElementProp(LiteralUnmarshalResult.java:159)
  47.     at com.bea.staxb.runtime.internal.ByNameUnmarshaller.deserializeContents(ByNameUnmarshaller.java:51)
  48.     at com.bea.staxb.runtime.internal.AttributeUnmarshaller.unmarshalIntoIntermediary(AttributeUnmarshaller.java:47)
  49.     at com.bea.staxb.runtime.internal.LiteralUnmarshalResult.unmarshalElementProperty(LiteralUnmarshalResult.java:184)
  50.     at com.bea.staxb.runtime.internal.LiteralUnmarshalResult.extractAndFillElementProp(LiteralUnmarshalResult.java:156)
  51.     at com.bea.staxb.runtime.internal.ByNameUnmarshaller.deserializeContents(ByNameUnmarshaller.java:51)
  52.     at com.bea.staxb.runtime.internal.AttributeUnmarshaller.unmarshalIntoIntermediary(AttributeUnmarshaller.java:47)
  53.     at com.bea.staxb.runtime.internal.UnmarshalResult.unmarshalBindingType(UnmarshalResult.java:199)
  54.     at com.bea.staxb.runtime.internal.UnmarshalResult.unmarshalDocument(UnmarshalResult.java:169)
  55.     at com.bea.staxb.runtime.internal.UnmarshallerImpl.unmarshal(UnmarshallerImpl.java:65)
  56.     at weblogic.descriptor.internal.MarshallerFactory$1.createDescriptor(MarshallerFactory.java:150)
  57.     ... 39 more
  58. Caused by: java.lang.IllegalArgumentException: In production mode, it's not allowed to set a clear text value to the property: PasswordEncrypted of JDBCDriverParamsBean
  59.     at weblogic.j2ee.descriptor.wl.JDBCDriverParamsBeanImpl.setPasswordEncrypted(JDBCDriverParamsBeanImpl.java:430)
  60.     at weblogic.j2ee.descriptor.wl.JDBCDriverParamsBeanImpl.setPasswordEncryptedAsString(JDBCDriverParamsBeanImpl.java:276)
  61.     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  62.     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  63.     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  64.     at java.lang.reflect.Method.invoke(Method.java:597)
  65.     at com.bea.staxb.runtime.internal.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:48)
  66.     ... 52 more
  67. .>
  68. <2016-9-12 下午10時22分47秒 CST> <Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason: [Management:141266]Parsing Failure in config.xml: weblogic.management.ManagementRuntimeException: weblogic.application.ModuleException: >


(2)查詢問題的解決方案weblogic不能啟動:PasswordEncrypted of JDBCDriverParamsBean問題
找到解決方案連結如下:
http://oraclemiddlewareblog.com/2012/04/25/unable-to-start-weblogic-passwordencrypted-of-serverstartmbean/

內容如下:

  1. The Weblogic administration server is not starting and the complete error message is:

  3. “In production mode, it’s not allowed to set a clear text value to the property: PasswordEncrypted of ServerStartMBean”

  5. If this is occurring in Weblogic versions 10.3.1 or earlier, then it is a known bug with the administration console. The bug will cause a <password-encrypted> tag of a certain weblogic instance in your domain to be set to a null value in the config.xml. This will happen if you modify some startup arguments of that instance in the administration console. Weblogic will interpret the null value as a plain text password, which is not allowed in a production domain, thus the error in starting the server.

  7. There is a patch that you can apply for this issue, but there are also some quick workarounds that might prove very useful if there is a time constraint for starting the administration service.


  10. The first solution, and the one that is recommended since it is the final fix is to apply the patch delivered by Oracle for this issue:

  12. – PKJ1 for Weblogic 10.3.1
  13. – 6RDR for Weblogic 10.3

  15. Both patches are released for generic platforms. If you are having a hard time identifying these patches in the new My Oracle Support site, please check out this post for instructions on how to find “old style” Weblogic patches in My Oracle Support.

  17. Then, there are a few workarounds that you can quickly apply based on your needs:

  19. 1. The quickest solution is to switch your domain to Development mode. This will allow you to start the administration server, but take into consideration the implications that this change has on the runtime of the server, such as different logging levels and runtime performance.

  21. 2. Another way you can solve this issue is to simply copy the value of the empty tag from another instance in your domain. Locate another instance in the config.xml for which you have the <password-encrypted> tag correctly defined and copy it to the empty tag.

  23. <password-encrypted>{AES}ve8cqLahYHyy8prbAudZTIyRvk4rNG+7kKvANZdaJzU=</password-encrypted>

  25. 3. If you simply do not have the encrypted password, you can encrypt it yourself using a utility provided by Weblogic:

  27. – Run $DOMAIN_HOME/bin/setDomainEnv.sh so set the environment variables for your domain
  28. – Execute: ‘java weblogic.security.Encrypt’
  29. – Enter the password in clear text and the encrypted value will be returned in the output. Copy that in the empty tag in the config.xml and restart the administration server.
因為我所使用的weblogic版本是10.3.6.0,所以不是缺陷的問題。這裡給出了三種建議,第一種是切換domain到開發模式,顯然不合適;第二種是從其他例項拷貝密碼標籤的值,因為資料庫中每個使用者的密碼都是不一樣的,顯然不適用;第三種是使用weblogic提供的工具將明文轉化成為密文,然後進行替換,這是一種可行的方案。

(3)按照上述第三種方法執行【再次遇到錯誤

  1. [cams@mymc1 bin]$ cd /home/cams/bea/middleware/user_projects/domains/cams/bin
  2. [cams@mysc1 bin]$ setDomainEnv.sh
  3. [cams@mymc1 bin]$ java weblogic.security.Encrypt
  4. Exception in thread "main" java.lang.NoClassDefFoundError: weblogic/security/Encrypt
  5. Caused by: java.lang.ClassNotFoundException: weblogic.security.Encrypt
  6.     at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
  7.     at java.security.AccessController.doPrivileged(Native Method)
  8.     at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
  9.     at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
  10.     at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
  11.     at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
  12. Could not find the main class: weblogic.security.Encrypt. Program will exit.

(4)接著查詢該問題的處理方案【成功執行並生成了新的密文

  1. encrypting password in weblogic (get java.lang.ClassNotFoundException:)
  2. if you need to encrypt password and get java.lang.ClassNotFoundException: weblogic.security.Encrypt then use this way /app/bea/WLS1031/jdk/bin/java -cp /app/bea/WLS1031/wlserver_10.3/server/lib/weblogic.jar:$java weblogic.security.Encrypt yourpassword
  3. PS: i have called java cause it was not in my env.
  4. if you already have java in your env then /opt/bea/WLS1031/wlserver_10.3/server/lib/weblogic.jar:$java weblogic.security.Encrypt yourpassword
參考上文,執行命令如下:【注:標黃的password處輸入真實的明文密碼,可自動輸出為密文

  1. [cams@mymc1 ~]$ cp /home/cams/bea/middleware/wlserver_10.3/server/lib/weblogic.jar /home/cams/bea/middleware/user_projects/domains/cams/
  2. [cams@mymc1 ~]cd /home/cams/bea/middleware/user_projects/domains/cams/
  3. [cams@mymc1 cams]java -cp weblogic.jar weblogic.security.Encrypt password
這裡得到資料來源CAMSDB的密碼的密文為:【注:相同的明文在不同的weblogic下生成的密文不同

{AES}dUH3nDtUg3LfPBCngOAAPFgsIW4gVRPyD25aibk4zVQ=

這裡測試在另外一個weblogic下生成的密文為:

{AES}GA2sa2jSBeEtCoyt2g6NxJS3JPIWth70Z7s6dmIJ1uM=


顯然兩個相同密碼在不同weblogic下生成的密文大不相同。



(5)修改weblogic的資料來源配置檔案中密文密碼為最新的密文密碼【還是遇到問題,賬戶鎖定了
進入JDBC配置檔案所在路徑
[cams@mymc1 jdbc]$ cd /home/cams/bea/middleware/user_projects/domains/cams/config/jdbc
開啟配置檔案並進行修改
[cams@mymc1 jdbc]$ vi CAMSDB-2211-jdbc.xml
將XXX中的密文密碼改為最新密文密碼

然後啟動weblogic域,並檢視啟動日誌
[cams@mymc1 jdbc]$ cd /home/cams/bea/middleware/user_projects/domains/cams
[cams@mymc1 jdbc]$ nohup ./startWebLogic.sh &
[cams@mymc1 jdbc]$ tail -f nohup.out

發現如下報錯資訊:


  1. weblogic.common.ResourceException: weblogic.common.ResourceException: Could not create pool connection. The DBMS driver exception was: ORA-28000: the account is locked
很顯然,是Oracle使用者使用錯誤的密碼嘗試連線的次數過多,導致賬戶被鎖定了

(6)處理最後的問題【結果再次遇到報錯,不細心造成的
這裡需要聯絡資料庫管理員,使用system或者sys使用者登入資料庫,執行查詢語句:

SQL>  select * from dba_users where account_status <> 'OPEN' ;

找到鎖定的使用者,然後執行解鎖語句:
SQL> alter user XXXX account unlock;

然後再次重啟,還是發現報錯資訊:


ORA-01017: invalid username/password; logon denied


經過檢查,因為在替換的時候,有一個密文替換錯了,導致資料來源連線失敗。這裡重新替換即可。

最終,weblogic啟動成功,一切OK!


來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/31394774/viewspace-2142428/,如需轉載,請註明出處,否則將追究法律責任。

相關文章