WAS v8.5 > Develop applications > Develop security > Develop extensions to the WebSphere security infrastructure

Implement custom password encryption

WebSphere Application Server supports the use of custom password encryption.

An installation can implement any password encryption algorithm it chooses.

To implement custom password encryption:

  1. Build your custom password encryption class. An example of a custom password encryption class follows.
    // CustomPasswordEncryption
    // Encryption and decryption functions
    public interface CustomPasswordEncryption {
        public EncryptedInfo encrypt(byte[] clearText) throws PasswordEncryptException;
        public byte[] decrypt(EncryptedInfo cipherTextInfo) throws PasswordEncryptException;
        public void initialize(HashMap initParameters);};
    // Encapsulation of cipher text and label
    public class EncryptedInfo {
        public EncryptedInfo(byte[] bytes, String keyAlias);
        public byte[] getEncryptedBytes();
        public String getKeyAlias();};

  2. If you need to custom encode passwords in property files, manually edit the PropFilePasswordEncoder.sh or PropFilePasswordEncoder.bat file.

    1. Use a file editor to open the PropFilePasswordEncoder.sh or PropFilePasswordEncoder.bat file.
    2. Locate the following lines near the end of the file:
      "%JAVA_HOME%/bin/java" -Dcmd.properties.file=%TMPJAVAPROPFILE%   
      "-Dwas.install.root=%WAS_HOME%" com.ibm.ws.bootstrap.WSLauncher         
      com.ibm.ws.security.util.PropFilePasswordEncoder %1 %2

    3. Add following lines to the call.

      These custom properties will be passed to the command so that PropFilePasswordEncoder will look for custom encoding classes and utilize it.

      -Dcom.ibm.wsspi.security.crypto.customPasswordEncryptionEnabled=true    
      -Dcom.ibm.wsspi.security.crypto.customPasswordEncryptionClass=(customEncoding class file)

    The updated lines should look like the following lines:

    "%JAVA_HOME%/bin/java" -Dcmd.properties.file=%TMPJAVAPROPFILE%          
    -Dcom.ibm.wsspi.security.crypto.customPasswordEncryptionEnabled=true    
    -Dcom.ibm.wsspi.security.crypto.customPasswordEncryptionClass=(customEncoding class file)                                                       
    "-Dwas.install.root=%WAS_HOME%" com.ibm.ws.bootstrap.WSLauncher         
    com.ibm.ws.security.util.PropFilePasswordEncoder %1 %2

  3. Enable custom password encryption.

    1. Set the custom property com.ibm.wsspi.security.crypto.customPasswordEncryptionClass to the name of the class that is to be given control.

    2. Enable the function. Set the custom property, com.ibm.wsspi.security.crypto.customPasswordEncryptionEnabled to true.


Results

Custom password encryption at the installation is complete.


Related


Develop extensions to the WebSphere security infrastructure


+

Search Tips   |   Advanced Search