Securing Credentials with Oracle Wallet

Oracle Wallet provides a simple method to secure credentials between multiple domains. It allows you to update credentials by updating the wallet instead of having to change individual credentials.

To secure your credentials, you must:

  • Create a wallet file and add the necessary credentials using the JMS resource adapter encryption utility. This step creates a cwallet.sso file at the specified location that maps an alias to the secured credentials.

    See Using the wljmsra Encryption Utility for more information.

  • Provide the alias in the JMS resource adapter deployment descriptor or connection pool configuration.

  • Provide the location of the cwallet.sso file in the JMS resource adapter deployment descriptor or connection pool configuration.

Example JNDI Configurations for Setting Credentials

The following table provides examples showing how you can set JMS resource adapter JNDI environment properties.


JNDI Settings:

java.naming.security.principal=principal
java.naming.security.credentials=credentials

Behavior: The JMS resource adapter runtime uses the values of principal and credentials to access Oracle WebLogic Server destinations.

JNDI Settings:

java.naming.security.principal=principal
java.naming.security.credentials=->alias
weblogic.jms.walletDir=directory

Behavior: The JMS resource adapter runtime uses the value of principal as the user name and the value of alias to retrieve and use the password stored in the cwallet.sso file located in the directory specified by the value of directory.

JNDI Settings:

java.naming.security.principal=->alias1
java.naming.security.credentials=->alias2
weblogic.jms.walletDir=directory

Behavior: The JMS resource adapter runtime uses the value of alias1 to retrieve and use the user name and alias2 to retrieve and use the password stored in the cwallet.sso file located in the directory specified by the value of directory.

JNDI Settings:

java.naming.security.principal=->alias
java.naming.security.credentials=->
weblogic.jms.walletDir=directory

Behavior: The JMS resource adapter runtime uses the value of alias to retrieve and use the user name and password stored in the cwallet.sso file located in the directory specified by the value of directory.

JNDI Settings:

java.naming.security.principal=principal
java.naming.security.credentials=->
weblogic.jms.walletDir=directory

Behavior: The JMS resource adapter runtime uses the value of principal both as the user name and as the alias to retrieve and use the password stored in the cwallet.sso file located in the directory specified by the value of directory.
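
A check for the settings in the table above, as an added example (not Oracle's code): the hypothetical function audit_jndi_props reads a properties file holding these keys and reports a cleartext password, a wallet alias without weblogic.jms.walletDir, a missing cwallet.sso, or a wallet file accessible to group or other. The return codes and the owner-only permission policy are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Oracle code). Function names and return codes are
# this example's own; the property keys are the ones in the table above.

# prop KEY FILE: print the value of KEY in a properties file (last one wins).
prop() {
    awk -v k="$1" '{
        i = index($0, "=")
        key = substr($0, 1, i - 1); gsub(/^[ \t]+|[ \t]+$/, "", key)
        if (i > 0 && key == k) {
            v = substr($0, i + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
        }
    } END { print v }' "$2"
}

# audit_jndi_props FILE
# returns 0 = ok, 1 = cleartext password, 2 = walletDir unset,
#         3 = cwallet.sso missing, 4 = wallet accessible to group or other.
audit_jndi_props() {
    cred=$(prop java.naming.security.credentials "$1")
    dir=$(prop weblogic.jms.walletDir "$1")
    case $cred in
        '')    echo "OK: no credentials property in $1"; return 0 ;;
        '->'*) ;;  # "->alias" or bare "->": password is read from the wallet
        *)     echo "FAIL: password stored in cleartext in $1"; return 1 ;;
    esac
    if [ -z "$dir" ]; then
        echo "FAIL: alias used but weblogic.jms.walletDir is not set"; return 2
    fi
    if [ ! -f "$dir/cwallet.sso" ]; then
        echo "FAIL: no cwallet.sso under '$dir'"; return 3
    fi
    # Characters 5-10 of the mode string are the group and other bits.
    perms=$(ls -ld "$dir/cwallet.sso" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $dir/cwallet.sso is accessible to group or other"; return 4
    fi
    echo "OK: credentials resolved from wallet in '$dir'"; return 0
}

# Usage from an interactive shell or a deployment check:
#   audit_jndi_props /path/to/jndi.properties
```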


Using the wljmsra Encryption Utility

The JMS resource adapter provides a command-line utility to add application credentials to an Oracle Wallet file. To run the utility, change to the WL_HOME/server/lib directory and enter the following command to display the valid commands:

java -jar wljmsra.rar help
Usage:
create <dir>: Create wallet under given directory.
add <alias> <value> [dir]: Add value using the alias.
replace <alias> <value> [dir]: Replace value of the alias.
remove <alias> [dir]: Remove an alias.
dump [dir]: List all aliases in the wallet.
help: This help.

The following example uses the encryption utility to create a wallet file in the directory mywallet:

java -jar wljmsra.rar create mywallet
Info: Created wallet under directory 'mywallet'.

The following example uses the encryption utility to create an alias:

java -jar wljmsra.rar add user6 pwd6
Info: Added alias 'user6'.

The following example uses the encryption utility to replace an alias:

java -jar wljmsra.rar replace user6 newpwd6
Info: Replaced alias 'user6'.

The following example uses the encryption utility to remove an alias:

java -jar wljmsra.rar remove user6
Info: Removed alias 'user6'.

The following example uses the encryption utility to list the aliases in a wallet:

java -jar wljmsra.rar dump mywallet
Info: Aliases found in wallet under 'mywallet'.
user4
Info: 1 aliases found.