[Download] | [Documentation Home] | [Release Note]
This document explains how an admin user can change his or her password.
If an admin user forgets his password, he cannot retrieve it using the
Management Console due to security concerns. Furthermore, if you started WSO2
AppServer for the first time on one version of a JDK (say 1.4), and later decided
to switch to another version of a JDK (say 1.5), it becomes impossible for
WSO2 AppServer to decrypt the user passwords, since the security providers for
different JDKs are different.
In such scenarios, you would have to change the relevant passwords by running
the chpasswd script on the machine that hosts the WSO2 AppServer server.
The chpasswd script is located in CARBON_HOME/bin
IMPORTANT: Before executing this script, you should shutdown the WSO2 AppServer instance.
In order to change a user's password, you need to provide the following information
By default, WSO2 AppServer ships with the Apache Derby database and hence the default URL would be jdbc:h2:/home/[user name]/.wso2appserver/database/WSO2CARBON_DB (For Windows jdbc:h2:C:\Documents and Settings\[user name]\.wso2appserver\database\WSO2CARBON_DB) . This may differ if a different database was specified during the installation process.Then the URL will be in the form of jdbc:h2:CARBON_HOME/database/WSO2CARBON_DB, where CARBON_HOME will be the custom location specified during the installation.
For the default H2 database, the driver will be automatically picked up by the system. If a different database is used, the driver class needs to be specified.
Again for the default H2 database, the default username and password will be used by the system. However, if a different username/password is used, you are required to reset the admin password.
If you do not provide these as command line arguments, you will be prompted for it during the execution.
This script is located in CARBON_HOME/bin. Usually this is the directory in which you have installed/extracted WSO2 AppServer.
The command line options available for chpasswd is as follows:
Command Line Option | Description | Mandatory? |
--db-url | The database URL | Yes |
--db-driver | The database driver class | No |
--db-username | The username for the database | No |
--db-password | The password for the database | No |
--username | The username of the user whose password is to be changed. If this is not given, you will be prompted for this field later. |
No |
--new-password | The new password of the user whose password is to be changed. If this is not given, you will be prompted for this field later. |
No |
Example
chpasswd --db-url "jdbc:h2:CARBON_HOME/database/WSO2CARBON_DB"
Example (on Windows)
chpasswd --db-url "jdbc:h2:C:\Documents and Settings\user\.wso2appserver\database\WSO2CARBON_DB"
Example (on *nix)
chpasswd --db-url jdbc:h2:home/user/.wso2appserver/database/WSO2CARBON_DB
If you have not provided the --username or --new-password input
parameters, the system will prompt you for it. If the password was updated
successfully, you should see the following message:
Password of user [username] updated successfully