WebLogic Server Command Reference

STOREUSERCONFIG

Creates a user-configuration file and an associated key file. The user-configuration file contains an encrypted username and password. The key file contains a secret key that is used to encrypt and decrypt the username and password.

Only the key file that originally encrypted the username and password can decrypt the values. If you lose the key file, you must create a new user-configuration and key file pair.

Caution: You must ensure that only authorized users can access the key file. Any user who accesses a valid user-configuration and key file pair gains the privileges of the encrypted username. To secure access to the key file, you can store the key file in a directory that provides read and write access only to authorized users, such as WebLogic Server administrators. Alternatively, you can write the key file to a removable medium, such as a floppy or CD, and lock the medium in a drawer when it is not being used.

Unlike other weblogic.Admin commands, the STOREUSERCONFIG command does not connect to a WebLogic Server instance. The data encryption and file creation are accomplished by the JVM in which the STOREUSERCONFIG command runs. Because it does not connect to a WebLogic Server instance, the command cannot verify that the username and password are valid WebLogic Server credentials.

Syntax

java weblogic.Admin 
  -username username [-password password]
  [ -userconfigfile config-file ] [ -userkeyfile keyfile ]
  STOREUSERCONFIG

Argument	Definition
`-userconfigfile` config-file	Specifies a file pathname at which the `STOREUSERCONFIG` command creates a user-configuration file. The pathname can be absolute or relative to the directory from which you enter the command. If a file already exists at the specified pathname, the command overwrites the file with a new file that contains the newly encrypted username and password. If you do not specify this option, `STOREUSERCONFIG` does the following: To determine the directory in which to create the user-configuration file, it uses the JVM's user-home directory. The default value varies depending on the SDK and type of operating system. See Configuring the Default Path Name. To determine the file name, it prepends your operating-system username to the string `-WebLogicConfig.properties`. For example, username`-WebLogicConfig.properties`. You can use Java options to specify a different username. See Configuring the Default Path Name.
`-userkeyfile` keyfile	Specifies a file pathname at which the `STOREUSERCONFIG` command creates a key file. The pathname can be absolute or relative to the directory from which you enter the command. If a file already exists at the specified pathname, `STOREUSERCONFIG` uses the existing key file to encrypt the new user-configuration file. If you do not specify this option, `STOREUSERCONFIG` does the following: To determine the directory in which to create the key file, it uses the JVM's user-home directory. The default value varies depending on the SDK and type of operating system. See Configuring the Default Path Name. To determine the file name, it prepends your operating-system username to the string `-WebLogicKey.properties`. For example, username`-WebLogicKey.properties`. You can use Java options to specify a different username. See Configuring the Default Path Name.
`-username` username `[-password` password `]`	Specifies the username and password to encrypt. The `STOREUSERCONFIG` command does not verify that the username and password are valid WebLogic Server user credentials. If you omit the `-password` password argument, `STOREUSERCONFIG` prompts you to enter a password.

Argument

Definition

-userconfigfile config-file

Specifies a file pathname at which the STOREUSERCONFIG command creates a user-configuration file. The pathname can be absolute or relative to the directory from which you enter the command.

If a file already exists at the specified pathname, the command overwrites the file with a new file that contains the newly encrypted username and password.

If you do not specify this option, STOREUSERCONFIG does the following:

To determine the directory in which to create the user-configuration file, it uses the JVM's user-home directory. The default value varies depending on the SDK and type of operating system. See Configuring the Default Path Name.

To determine the file name, it prepends your operating-system username to the string -WebLogicConfig.properties. For example, username-WebLogicConfig.properties. You can use Java options to specify a different username. See Configuring the Default Path Name.

-userkeyfile keyfile

Specifies a file pathname at which the STOREUSERCONFIG command creates a key file. The pathname can be absolute or relative to the directory from which you enter the command.

If a file already exists at the specified pathname, STOREUSERCONFIG uses the existing key file to encrypt the new user-configuration file.

If you do not specify this option, STOREUSERCONFIG does the following:

To determine the directory in which to create the key file, it uses the JVM's user-home directory. The default value varies depending on the SDK and type of operating system. See Configuring the Default Path Name.

To determine the file name, it prepends your operating-system username to the string -WebLogicKey.properties. For example, username-WebLogicKey.properties. You can use Java options to specify a different username. See Configuring the Default Path Name.

-username username [-password password ]

Specifies the username and password to encrypt. The STOREUSERCONFIG command does not verify that the username and password are valid WebLogic Server user credentials.

If you omit the -password password argument, STOREUSERCONFIG prompts you to enter a password.

Configuring the Default Path Name

If you do not specify the location in which to create and use a user-configuration file and key file, the weblogic.Admin and weblogic.Deployer utilities supply the following default values:

user-home-directory\username-WebLogicConfig.properties
user-home-directory\username-WebLogicKey.properties

Where user-home-directory is the home directory of the operating-system user account as determined by the JVM, and username is your operating-system username.

The value of the home directory varies depending on the SDK and type of operating system. For example, on UNIX, the home directory is usually "~username." On Windows, the home directory is usually "C:\Documents and Settings\username".

You can use the following Java options to specify values for user-home-directory and username:

-Duser.home=pathname specifies the value of user-home-directory
-Duser.name=usernanme specifies the value of username.

For example, the following command configures the user-home directory to be c:\myHome and the user name to be wlAdmin. The command will search for the following user-configuration file and user key file:
c:\myHome\wlAdmin-WebLogicConfig.properties c:\myHome\wlAdmin-WebLogicKey.properties

java -Duser.home=c:\myHome -Duser.name=wlAdmin
weblogic.Admin COMMAND

Creating User-Configuration and Key Files

To create user-configuration and key files:

Use the -username username and -password password arguments to specify the username and password to be encrypted.

Specify the name and location of the user-configuration and key files by doing one of the following:

Use the -userconfigfile config-file and -userkeyfile key-file arguments:
java weblogic.Admin -username username -password password
-userconfigfile config-file -userkeyfile key-file
STOREUSERCONFIG
Use the default behavior to create files named
user-home-directory\username-WebLogicConfig.properties and
user-home-directory\username-WebLogicKey.properties: java weblogic.Admin -usernameusername -password password
STOREUSERCONFIG
Use the -Duser.home=directory and -Duser.name=username Java options to create files named
directory\username-WebLogicConfig.properties and
directory\username-WebLogicKey.properties: java -Duser.home=directory -Duser.name=usernameweblogic.Admin -usernameusername -password password
STOREUSERCONFIG

You can change the name and location of a user-configuration file or a key file after you create them, as long as you use the two files as a pair.

Using a Single Key File for Multiple User-Configuration Files

To use one key file to encrypt multiple user-configuration files:

Create an initial user-configuration file and key file pair.

For example, enter the following command:
java weblogic.Admin -username username -password password -userconfigfile c:\AdminConfig -userkeyfile e:\myKeyFile STOREUSERCONFIG

When you create an additional user-configuration file, specify the existing key file.

For example, enter the following command:
java weblogic.Admin -username username -password password -userconfigfile c:\anotherConfigFile -userkeyfile e:\myKeyFile STOREUSERCONFIG

Examples

In the following example, a user who is logged in to a UNIX operating system as joe encrypts the username wlAdmin and password wlPass:

java weblogic.Admin -username wlAdmin -password wlPass STOREUSERCONFIG

The command determines whether a key file named ~joe/joe-WebLogicKey.properties exists. If such a file does not exist, it prompts the user to select y to confirm creating a key file. If the command succeeds, it creates two files:
~joe\joe-WebLogicConfig.properties
~joe\joe-WebLogicKey.properties

The file joe-WebLogicConfig.properties contains an encrypted version of the strings wlAdmin and wlPass. Any command that uses the ~joe\joe-WebLogicConfig.properties file must specify the ~joe\joe-WebLogicKey.properties key file.

In the following example, the user joe is a System Administrator who wants to create a user-configuration file for an operating-system account named pat. For the sake of convenience, joe wants to create the user-configuration file in pat's home directory, which will simplify the syntax of the weblogic.Admin commands that pat invokes. For added security, only one key file exists at joe's organization, and it is located on a removable hard drive.

To create a user configuration file in pat's home directory that is encrypted and decrypted by a key file name e:\myKeyFile:

java -Duser.name=pat -Duser.home="C:\Documents and Settings\pat" weblogic.Admin -username wlOperatorPat -password wlOperator1 -userkeyfile e:\myKeyFile STOREUSERCONFIG

A user who logs in to pat's account can use the following syntax to invoke weblogic.Admin commands:
java weblogic.Admin -userkeyfile e:\myKeyFile COMMAND

For information on using user-configuration and key files, see Specifying User Credentials.

Commands for Managing the Server Life Cycle

Table 1-4 is an overview of commands that manage the life cycle of a server instance. Subsequent sections describe command syntax and arguments, and provide an example for each command. For more information about the life cycle of a server instance, refer to "Server Life Cycle" in the Configuring and Managing WebLogic Server guide.

Table 1-4 Overview of Commands for Managing the Server Life Cycle

Command	Description
`CANCEL_SHUTDOWN`	(Deprecated) Cancels the `SHUTDOWN` command for the WebLogic Server that is specified in the URL. See CANCEL_SHUTDOWN.
`DISCOVERMANAGEDSERVER`	Causes the Administration Server to re-establish its administrative control over Managed servers. See DISCOVERMANAGEDSERVER.
`FORCESHUTDOWN`	Terminates a server instance without waiting for active sessions to complete See FORCESHUTDOWN.
`LOCK`	(Deprecated) Locks a WebLogic Server against non-privileged logins. Any subsequent login attempt initiates a security exception which may contain an optional string message. See LOCK.
`RESUME`	Makes a server available to receive requests from external clients. See RESUME.
`SHUTDOWN`	Gracefully shuts down a WebLogic Server. See SHUTDOWN.
`START`	Uses a configured Node Manager to start a Managed Server in the `RUNNING` state. See START.
`STARTINSTANDBY`	(Deprecated) Uses a configured Node Manager to start a Managed Server and place it in the `STANDBY` state. See STARTINSTANDBY.
`UNLOCK`	(Deprecated) Unlocks the specified WebLogic Server after a LOCK operation. See UNLOCK.