Password Storage

APP and AAPP passwords are stored in Blog portlet's preferences. These passwords can either be stored in plain or DES 56-bit encrypted strings. If the portlet preference encryptedPasswords is set to true, then the portlet assumes that passwords are encrypted, otherwise it assumes plain passwords.

The default setting is plain passwords, encryptedPasswords=false. If encrypted passwords are enabled, the value for the APP user password is encrypted automatically as it is submitted by the user from the portlet's user interface. If passwords are entered directly, then they must be manually encrypted. Passwords can be entered directly by editing the portlet preferences in the Portal Server management console, or by editing the preferences in the community template role display profile.

To encrypt a plain password, use the supplied command line utility class: com.sun.portal.app.blog.password.Password. For example, to encrypt a password:

export CLASSPATH=WEB-INF/classes:WEB-INF/lib/commons-codec-1.3.jar
java com.sun.portal.app.blog.password.Password -c encrypt 
-k WEB-INF/classes/passwords.key -d '<plain password>'

If the path for the passwords.key file is set, navigate to the directory where the blog portlet is deployed (such as, /space/appserver/domains/domain1/applications/j2ee-modules/blogportlet if the application server is installed in /space), and then, run the java command.

The resulting string printed to standard out can be used as aappUserPassword and appUserPassword preference values.