WSO2 Web Services Application Server for Java, v@wso2wswas_version@ - Change Password Tool

This document will instruct how an admin user can change his password.

Introduction

If an admin user forgets his password he cannot retrieve it using the Management Console due to security concerns. Furthermore, if you started WSO2 WSAS for Java for the first time on one version of a JDK (1.4 say), and later decide to switch to another version of a JDK (1.5 say), it becomes impossible for WSO2 WSAS to decrypt the user passwords, since the security providers for different JDKs are different.
In such scenarios, you would have to change the relevant password(s) by running the chpasswd script on the machine which is hosting the WSO2 WSAS server.

This chpasswd script is located in WSO2WSAS_HOME/bin

IMPORTANT: Before executing this script, you should shutdown the WSO2 WSAS instance..

What You Need to Know

In order to change a user's password, you need to provide the following information

  1. The WSO2 WSAS database URL

    WSO2 WSAS by default ships with the Apache Derby database and hence the default URL would be jdbc:derby:/home/[user name]/.wso2wsas/database/WSO2WSAS_DB (For Windows jdbc:derby:C:\Documents and Settings\[user name]\.wso2wsas\database\WSO2WSAS_DB) . This may differ if a different database was specified during the installation process.Then the URL will be in the form of jdbc:derby:WSO2WSAS_HOME/database/WSO2WSAS_DB, where WSO2WSAS_HOME will be the custom location specified during the installation.

  2. The Database driver class

    For the default Apache Derby database, the driver will be automatically picked up by the system. If a different database is used, the driver class needs to be specified.

  3. The Database username and password

    Again for the default Apache Derby database, the default username and password will be used by the system. However, if a different username/password is used they are needed to reset the admin password.

  4. The username and new password of the user whose password is to be changed

    If you do not provide these as command line arguments, you will be prompted for it during the execution of this tool.

Resetting the Password

This script is located in WSO2WSAS_HOME/bin. Usually this is the directory to which you have installed WSO2 WSAS in the case of the Standalone Edition, or the WSO2WSAS_HOME directory you specified during the installation of the Servlet Edition.

The command line options available for chpasswd is as follows:

Command Line Option Description Mandatory?
--db-url The database URL Yes
--db-driver The database driver class No
--db-username The username for the database No
--db-password The password for the database No
--username The username of the user whose password is to be changed.
If this is not given, you will be prompted for this field later.
No
--new-password The new password of the user whose password is to be changed.
If this is not given, you will be prompted for this field later.
No

Example

chpasswd --db-url "jdbc:derby:WSO2WSAS_HOME/database/WSO2WSAS_DB"

Example (on Windows)

chpasswd --db-url "jdbc:derby:C:\Documents and Settings\user\.wso2wsas\database\WSO2WSAS_DB"

Example (on *nix)

chpasswd --db-url jdbc:derby:home/user/.wso2wsas/database/WSO2WSAS_DB

If you have not provided the --username or --new-password input parameters, the system will prompt you for it. If the password was updated successfully, you should see the following message:

Password of user [username] updated successfully

Important Note