WebSphere custom password encryption

Question

Trying to enable password encryption in WebSphere following these procedures and I don't think I'm quite following what to do:

1. Plug point for custom password encryption

2. Enabling a plugpoint for custom password encryption

My questions are:

1. Do I need a separate CustomPasswordEncryption project for the purposes of exporting a jar to put in the ${WAS_INSTALL_ROOT}/classes directory described in link 2, step 2?
2. If so, do I just copy the interface at link 1 into that project and implement it? Let's say for now I implement it without any actual encryption, i.e. the password passed it is returned without any change. I just want to see how this works for now.
3. Link 1, step 1, say my class is called CustomPasswordEncryptionImpl, should this property be set to property com.ibm.wsspi.security.crypto.CustomPasswordEncryptionImpl?
4. Link 1, step 1, do I set the com.ibm.wsspi.security.crypto.customPasswordEncryptionEnabled property to true?
5. Link 2, step 3. I don't understand what they're trying to say, do I need to edit the classpath?
6. Once everything is done, do I need to edit the security.xml file or is the {xor} automatically replaced for me with my new alias?

Answer 1

To answer your questions...

1. All link 2 step 2 is telling you is that you need to place your implemented class into a JAR file and put it in the proper location (on the classpath). How you package/manage that file (as a project or not) is up to you.

2. You don't copy the provided interface, you implement the interface within your own custom object (implements CustomPasswordEncryption). It's already part of WebSphere. If you have the right JAR files referenced in your Project, the compiler/ide/etc will find it.

3. Yes, you set this JVM property (via java -D) to point at your implementation of the interface. Though I would highly recommend you put the implementation in your own java package, not theirs. So something like com.whatever.CustomPasswordEncryptionImpl.

4. Yes

5. I've not tried that, but it looks like naming it as such avoids the need to set the JVM properties. So they're just offering it up as an option. I still think I'd prefer it in my own package space though.

6. You are responsible for updating those, as WebSphere won't update them unless you're actively changing them.

One thing to be aware of as well... If the plugin you implement ever fails, WebSphere will default to using XOR. You'll see an entry in the logs, but would get no indication anywhere else. So make sure you keep that in mind.