5-16 Developing Custom Management Utilities With JMX for Oracle WebLogic Server
} }
    // If your class executes the remaining lines, it is because activating your
    // saved changes failed.
    // Optional: You can undo the saved changes that failed to activate. If you
    // do not undo your saved changes, they will be activated the next time
    // someone attempts to activate changes.
    try {
        connection.invoke(cfgMgr, "undoUnactivatedChanges", null, null);
    } catch (MBeanException e) {
        Exception targetException = e.getTargetException();
        if (targetException instanceof NotEditorException) {
            ...
            throw new MyAppEditSessionFailed(e);
        }
    }
    // Stop the edit session
    try {
        connection.invoke(cfgMgr, "stopEdit", null, null);
        // If your activation attempt fails and you are ready to abandon
        // changes, there is no need to wait until your original timeout
        // period to expire. You can stop editing immediately and you can
        // safely ignore any wrapped NotEditorException.
    } catch (MBeanException e) {
        Exception targetException = e.getTargetException();
        if (targetException instanceof NotEditorException) {
            // ignore
        }
    }
    ...
    // Output the information about the error that caused the activation to
    // fail.
    throw new MyAppEditSessionFailed(connection.getAttribute(task, "Error"));

5.6 Setting and Getting Encrypted Values
To prevent unauthorized access to sensitive data such as passwords, some attributes in WebLogic Server configuration MBeans are encrypted. The attributes persist their values in the domain's config.xml file as an encrypted string and represent the in-memory value in the form of an encrypted byte array. The names of encrypted attributes end with Encrypted. For example, the ServerMBean exposes the password that is used to secure access through the IIOP protocol in an attribute named DefaultIIOPPasswordEncrypted.

To support backwards compatibility, and to enable remote JMX clients to set passwords for WebLogic Server MBeans, each encrypted attribute provides a less secure means to encrypt and set its value.

The following sections describe how to work with encrypted attributes:
■ Section 5.6.1, "Set the Value of an Encrypted Attribute (Recommended Technique)"
■ Section 5.6.2, "Set the Value of an Encrypted Attribute (Compatibility Technique)"
■ Section 5.6.3, "Back Up an Encrypted Value"

5.6.1 Set the Value of an Encrypted Attribute (Recommended Technique)
To use this technique (see Example 5–7):
Managing a Domain’s Configuration with JMX 5-17
1. In the same WebLogic Server JVM that hosts the MBean attribute, write a value to a byte array.
2. Pass the byte array to the weblogic.management.EncryptionHelper.encrypt(byte[]) method and pass its return value to the MBeanServerConnection.setAttribute method. Avoid assigning the encrypted byte array to a variable because this causes the unencrypted byte array to remain in memory until it is garbage collected and the memory is reallocated.
3. Clear the original byte array using the weblogic.management.EncryptionHelper.clear() method.

Example 5–7 Example: Set the Value of an Encrypted Attribute (Recommended Technique)

    public void editDefaultIIOPPassword(ObjectName cfgRoot) throws Exception {
        // Get the ServerMBean from the DomainMBean
        ObjectName server = (ObjectName) connection.invoke(cfgRoot, "lookupServer",
            new Object[] { "myserver" }, new String[] { "java.lang.String" });
        // Get new password from standard in. Assign it to a byte array.
        System.out.println("Enter new password and press enter: ");
        byte userinput[] = new byte[10];
        int len = System.in.read(userinput);
        // Drop the line terminator and the unused part of the buffer so that
        // they are not encrypted as part of the password.
        while (len > 0 && (userinput[len - 1] == '\n' || userinput[len - 1] == '\r')) {
            len--;
        }
        byte password[] = java.util.Arrays.copyOf(userinput, Math.max(len, 0));
        try {
            // Encrypt the byte array and set it as the encrypted attribute value.
            Attribute newpassword = new Attribute("DefaultIIOPPasswordEncrypted",
                weblogic.management.EncryptionHelper.encrypt(password));
            connection.setAttribute(server, newpassword);
            System.out.println("New password is set to: " +
                connection.getAttribute(server, "DefaultIIOPPasswordEncrypted"));
        } finally {
            // Clear the byte arrays, even if setting the attribute failed.
            weblogic.management.EncryptionHelper.clear(userinput);
            weblogic.management.EncryptionHelper.clear(password);
        }
    }

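Steps 2 and 3 depend on the cleartext living in an array that can be overwritten, which a String cannot be. The following added example (not part of the Oracle documentation) reads a password without echo and without an intermediate String, hands the bytes to a callback, and wipes every cleartext copy in a finally block. SecretBytes, SecretSink and withSecret are hypothetical names, and the WebLogic call appears only as a comment so that the class compiles without WebLogic on the classpath.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class SecretBytes {
    /** Hypothetical callback type: receives the cleartext bytes exactly once. */
    public interface SecretSink { void accept(byte[] secret) throws Exception; }

    /** Encodes chars to UTF-8 without creating a String, then wipes every copy. */
    public static void withSecret(char[] chars, SecretSink sink) throws Exception {
        ByteBuffer encoded = StandardCharsets.UTF_8.encode(CharBuffer.wrap(chars));
        byte[] secret = new byte[encoded.remaining()];
        encoded.get(secret);
        try {
            sink.accept(secret);
        } finally {
            // Runs on success and on failure, so no cleartext copy is left behind.
            Arrays.fill(secret, (byte) 0);
            if (encoded.hasArray()) Arrays.fill(encoded.array(), (byte) 0);
            Arrays.fill(chars, '\0');
        }
    }

    public static void main(String[] args) throws Exception {
        java.io.Console console = System.console();
        char[] input = (console != null)
            ? console.readPassword("Enter new password: ") : null;
        if (input == null) {
            // Constructed sample value, used only when no terminal is attached.
            input = new char[] { 's', 'a', 'm', 'p', 'l', 'e' };
        }
        final byte[][] seen = new byte[1][];
        withSecret(input, secret -> {
            // On the server, the call from Example 5-7 would go here:
            //   connection.setAttribute(server, new Attribute(
            //       "DefaultIIOPPasswordEncrypted",
            //       weblogic.management.EncryptionHelper.encrypt(secret)));
            seen[0] = secret;  // reference kept only to show the wipe below
            System.out.println("sink received " + secret.length + " bytes");
        });
        System.out.println("after wipe: " + Arrays.toString(seen[0]));
        System.out.println("input wiped: " + (input.length == 0 || input[0] == '\0'));
    }
}
```

Wiping shortens the time the cleartext is readable in a heap dump; it is best effort, because a moving garbage collector may already have copied the array before it was cleared.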
5.6.2 Set the Value of an Encrypted Attribute (Compatibility Technique)
Prior to 9.0, JMX clients used a different technique for setting encrypted values. JMX clients can continue to use this compatibility technique, and if you want to set encrypted values from a remote JMX client, this is the only technique available. The compatibility technique is less secure because it creates a String that contains your unencrypted password. Even though WebLogic Server converts the String to an encrypted byte array, the String will remain in memory until it is garbage collected and the memory is reallocated.

To use the compatibility technique:
1. Write a value to a String.
2. Pass the String as a parameter to the MBeanServerConnection.setAttribute method, but instead of setting the value of the encrypted attribute, set the value for the corresponding non-encrypted attribute. For example, to set the CustomIdentityKeyStorePassPhraseEncrypted from a remote JMX client, invoke the MBeanServerConnection.setAttribute for an attribute named CustomIdentityKeyStorePassPhrase. WebLogic Server converts the String to an encrypted byte array and sets it as CustomIdentityKeyStorePassPhraseEncrypted. It does not set a value for CustomIdentityKeyStorePassPhrase.

For example:

    public void editDefaultIIOPPassword(ObjectName cfgRoot, String password)
            throws Exception {
        // Get the ServerMBean from the DomainMBean
        ObjectName server = (ObjectName) connection.invoke(cfgRoot, "lookupServer",
            new Object[] { "myserver" }, new String[] { "java.lang.String" });
        // Set the non-encrypted attribute; WebLogic Server encrypts the value
        // and stores it in DefaultIIOPPasswordEncrypted.
        Attribute newpassword = new Attribute("DefaultIIOPPassword", password);
        connection.setAttribute(server, newpassword);
    }

5.6.3 Back Up an Encrypted Value