When using wlshell in some environments like Production or UAT, having clear text passwords in scripts might represent a security risk.
Passwords are used when connecting to servers. Once connected, some attributes contain sensitive information and should not be set using clear text values, like the database password for a JDBC connection pool.
To avoid having to include clear text values for passwords in a script, wlshell provides a special class: wlshell.security.Password. Instances of the Password class can be used in the "connect", "ping" and "set" commands. When using a Password object, the passwords are not specified in the script, but on a properties file that can be protected using OS file permissions. The password is not printed out on the console either.
Here is an example of how to use the Password class to connect to a server:
wlsh [not connected]> password = new wlshell.security.Password variable password set to <password not initialized> (wlshell.security.Password) wlsh [not connected]> $password readPassword password.properties weblogic true wlsh [not connected]> $password <password for user "weblogic" on file "password.properties"> wlsh [not connected]> connect localhost:7091 weblogic $password connecting to MBeanServer(s) as weblogic...done
The properties file referenced by the script contains a list of key-value pairs, where the key is the user name and the value the password. Here is an example:
weblogic=weblogic spongebob=bikini00 mradmin=adminpass
The Password class can also be used to set attributes with the "set" command, for instance the connection password in a JDBC connection pool configuration:
set Password $password