Want to show your appreciation? Please to my charity.

Saturday, April 29, 2006

How to recover WebLogic admin password from boot.properties file

A friend came to me with a kind of locked out WebLogic 8.1 domain. He could still start the server but he didn't know the password for admin console. The fact that he could still start the server was because the username and password are stored in the boot.properties under domain directory. But they are encrypted. I told my friend that the password in the boot.properties must be a reversible as WebLogic itself needs the password to start the server. We searched string "boot.properties" in all the class files in the weblogic.jar file to find the class that does the magic. It's weblogic.security.internal.BootProperties. After 2 hours of try, we end up with code below:

import weblogic.security.internal.BootProperties;

public class RecoverPassword { 

  public static void main(String[] args) { 
    BootProperties.load(null, false);  // tested with 8.1
    // BootProperties.load("fullPathToBootPropertiesFile", false); // tested with 10.3
    BootProperties bootp = BootProperties.getBootProperties(); 

    System.out.println( 
      "#####################[" + 
       bootp.getOneClient() + "/" + bootp.getTwoClient() + 
       "]###################"); 
  }

}

Update 6/20/2009: Since many people asked me about later version of WebLogic. I took a look at the latest version 10.3 as of today. It turned out that BEA changed it a little bit. My original code, which was written for 8.1, throws the NullPointerException. But the fix is also simple, just change the call to BootProperties.load by giving the path to the boot.properties file.

We placed the above RecoverPassword.java file in c:\recover directory and compiled it. Then made a copy of startWebLogic.cmd to C:\recover\recoverPassword.cmd and added a few lines to it, nearly the end of file(first and last are existing lines).

%JAVA_HOME%\bin\java %JAVA_VM% -version
SET CLASSPATH=C:\recover;%CLASSPATH% echo %CLASSPATH%
SET SERVER_CLASS=RecoverPassword
SET doExitFlag=false
if "%WLS_REDIRECT_LOG%"=="" (

Now cd to the domain home and execute c:\recover\recoverPassword, we have the password back :-)

18 comments:

Sagar said...

Thanx a lot. worked for me. I had to change Syntax to System.out.println(bootp.getOne() + "/" + bootp.getTwo()); & Needs weblogic.jar to compile.

R said...

Thanks to both of you. I tried to follow the steps but I'm getting error message when I run RecoverPassword.sh file. Please help. Weblogic is running on Red Hat linux. Much appreciated.

R


Java(TM) SE Runtime Environment (build 1.6.0_05-b13)
BEA JRockit(R) (build R27.6.0-50_o-100423-1.6.0_05-20080626-2104-linux-ia32, compiled mode)
./RecoverPassword.sh: line 180: export: `:/bea/beahome103/patch_wlw1030/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/bea/beahome103/patch_wls1030/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/bea/beahome103/patch_cie660/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/bea/beahome103/jrockit_160_05/lib/tools.jar:/bea/beahome103/wlserver_10.3/server/lib/weblogic_sp.jar:/bea/beahome103/wlserver_10.3/server/lib/weblogic.jar:/bea/beahome103/modules/features/weblogic.server.modules_10.3.0.0.jar:/bea/beahome103/wlserver_10.3/server/lib/webservices.jar:/bea/beahome103/modules/org.apache.ant_1.6.5/lib/ant-all.jar:/bea/beahome103/modules/net.sf.antcontrib_1.0.0.0_1-0b2/lib/ant-contrib.jar::/bea/beahome103/wlserver_10.3/common/eval/pointbase/lib/pbclient57.jar:/bea/beahome103/wlserver_10.3/server/lib/xqrl.jar::': not a valid identifier
Starting WLS with line:
/bea/beahome103/jrockit_160_05/bin/java -jrockit -Xms256m -Xmx512m -da -Dplatform.home=/bea/beahome103/wlserver_10.3 -Dwls.home=/bea/beahome103/wlserver_10.3/server -Dweblogic.home=/bea/beahome103/wlserver_10.3/server -Dweblogic.management.discover=true -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole= -Dweblogic.ext.dirs=/bea/beahome103/patch_wlw1030/profiles/default/sysext_manifest_classpath:/bea/beahome103/patch_wls1030/profiles/default/sysext_manifest_classpath:/bea/beahome103/patch_cie660/profiles/default/sysext_manifest_classpath -Dweblogic.Name=adminserver -Djava.security.policy=/bea/beahome103/wlserver_10.3/server/lib/weblogic.policy RecoverPassword
Exception in thread "Main Thread" java.lang.NullPointerException
at RecoverPassword.main(RecoverPassword.java:9)

Kenneth Xu said...

R, please see the update and let me know if it works for you.

Anonymous said...

It works for 9.2

Thanks, you saved me half a days' work, plus the embarrassment of telling the customer that weblogic has to be redeployed.

Anonymous said...

thanks a lot !!

Anonymous said...

I got the following error message if I compile the RecoverPassword.java

import weblogic.security.internal.BootProperties;

public class RecoverPassword {

public static void main(String[] args) {
// BootProperties.load(null, false); // tested with 8.1
BootProperties.load("fullPathToBootPropertiesFile", false); // tested with 10.3
BootProperties bootp = BootProperties.getBootProperties();

System.out.println(bootp.getOne() + "/" + bootp.getTwo());
}

}

/u00/oracle/bea/Middleware/jrockit_160_05_R27.6.2-20/bin/javac -classpath /u00/oracle/bea/Middleware/wlserver_10.3/server/lib/weblogic.jar RecoverPassword.java
RecoverPassword.java:10: getOne(weblogic.security.acl.internal.AuthenticatedSubject) in weblogic.security.internal.BootProperties cannot be applied to ()
System.out.println(bootp.getOne() + "/" + bootp.getTwo());
^
RecoverPassword.java:10: getTwo(weblogic.security.acl.internal.AuthenticatedSubject) in weblogic.security.internal.BootProperties cannot be applied to ()
System.out.println(bootp.getOne() + "/" + bootp.getTwo());

Any advice for me?

Shashi said...

Hi Kenneth/anyone,

I compiled the .class file but my StartWeblogic.cmd does not have those lines you indicate it should already have:
%JAVA_HOME%\bin\java %JAVA_VM% -version
...
if "%WLS_REDIRECT_LOG%"=="" (

Instead it has:
@ECHO OFF

@REM WARNING: This file is created by the Configuration Wizard.
@REM Any changes to this script may be lost when adding extensions to this configuration.

SETLOCAL

set DOMAIN_HOME=C:\Oracle\Middleware\user_projects\domains\base_domain

call "%DOMAIN_HOME%\bin\startWebLogic.cmd" %*

ENDLOCAL


I tried inserting the following lines:
SET CLASSPATH=C:\recover;%CLASSPATH% echo %CLASSPATH%
SET SERVER_CLASS=RecoverPassword
SET doExitFlag=false

before and after the line:
call "%DOMAIN_HOME%\bin\startWebLogic.cmd" %*

but could not see any output of the userid password in the console windows or the admin.log file.

Do I need any other commands in the .cmd file? Or is there something else I am missing?

A quick reply would be highly appreciated. Thanks in advance.

Shashi Sastry

Yogeshwar said...

Following steps work fine on 10.3 version on windows

1. run the setEnv.cmd or setDomainEnv.cmd command from domain/bin folder.

2. Add . to classpath by using set CLASSPATH=.;%CLASSPATH%

3. compile and run RecoverPassword.java (Do update it with boot.properties file path as mentioned before)

DGV said...

Phew...Thanks a lot...this saved us a lot of trouble. Much appreciated.

Anonymous said...

In my startWebLogic.cmd SERVER_CLASS was never used and weblogic.Server was used directly. So I just had to replace weblogic.Server with %SERVER_CLASS% and it worked super terrifically. Thanks for this super hack Ken!

bradtumy said...

Kenneth -

I came across your blog when searching on how to "discover" my WLS password, that I had forgotten. I needed to make a few changes for my Linux environment but for the most part your work was dead on. I updated my blog with the changes that I made and some additional information. In the first paragraph of my post I give you full credit for all of the work.

Thanks,
Brad

http://blog.tumy-tech.com/2011/01/05/recover-weblogic-server-admin-password-on-linu/

Kenneth Xu said...

@bradtumy, I'm glad this post helped you and thanks for linking back to me.

Anonymous said...

Hi !!, I m doing this on windows 7, but that not work. Can you post a steps for do this ?? please. Thanks

Anonymous said...

where to find the imported jar man...i m into this for way too long but havent figured out on how to do so...can anyone help me out?

Anonymous said...

I got the library jar...but now i am facing a new problem... i m getting

"Exception in thread "main" java.lang.NoClassDefFoundError: weblogic/security/service/PrivilegedActions"

Anyone have any clues as to wat other jar must i include other than weblogic.jar?

Anonymous said...

Thank you very much!!! I was able to retrieve the password.

MGR said...

Thank you very much for this.
On a Unix with heavily customized scripts, it needed some work to get the result, but it did it!!
It did work on 10.3 in the initial way (getOneClient()) , because getOne() needs a parameter that I did not know.
Important: it makes things easier to run first the setDomainEnv script.

For me, apart for a solution to a problem, it was a great lesson of using Java for Weblogic admin tasks.
Again, thank you.

Kenneth Xu said...

@MGR, thanks for your feedback. I'm glad that it worked for you.

Post a Comment