<bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder"/>
Encrypting MMC User Passwords
Enterprise Edition
The Management Console stores user names and passwords in plain text, in the persistent information database in the mmc-data
directory. To avoid storing user names and passwords in plain text, you can encrypt user names and passwords.
The instructions on this page detail how to run a provided Groovy script to encrypt existing user passwords, and update the database accordingly.
This method does not apply to LDAP authentication, but only to the default authentication configuration for the Management Console. If you wish to encrypt user passwords in an LDAP authentication configuration, see Encrypting the MMC LDAP Password. |
Configuring the Management Console
This section details how to configure the Management Console to encrypt existing user passwords in its persistent database.
Before modifying the configuration files listed below, ensure that the Management Console is not running. |
File applicationContext-spring-security.xml
Locate the file <MMC Home>/WEB-INF/classes/META-INF/applicationContext-spring-security.xml
. In this file, find the bean passwordEncoder
, and edit it as shown below.
The above example uses the SHA password encoder; you may use another encoding if desired. Spring includes several options, such as the Md5PasswordEncoder. |
File applicationContext-core.xml
Locate the file <MMC Home>/WEB-INF/classes/META-INF/applicationContext-core.xml
. In this file, find the bean userManager
, and edit is as shown below.
<bean id="userManager" class="com.mule.support.EncryptedUserManagerImpl" init-method="initialize">
<property name="sessionFactory" ref="sessionFactory" />
<property name="passwordEncoder" ref="passwordEncoder" />
<property name="salt" value="" />
</bean>
After modifying the configuration files, complete the following steps:
-
Download and unpack the MMC password encryption tools. When you unpack it, the file expands to a directory with two files,
mmc-encrypter-1.0.jar
andautorun.groovy.script
. -
Copy the file
mmc-encrypter-1.0.jar
to<MMC_HOME>/WEB-INF/lib
. -
Copy the script
autorun.groovy.script
to the directory you are running the Management Console from. For example, if using Tomcat, copy the script to<Tomcat home>/bin
. -
Start the Management Console.
Starting the Management Console will run, then automatically remove, autorun.groovy.script .
|
The Groovy script migrates all plain-text user passwords to their encrypted values, and updates the database with these values.
To ensure the update completed successfully, search the logs for the following entry:
>>>>>>>>>>> Passwords updated successfully
The Groovy script should have been automatically removed after you started the Management Console. If the script has not been removed, remove it manually.