Setting WebLogic security properties
This document describes new security features to better secure the WebLogic administrative user login and to restrict that user's login to a specified port.
Changing the WebLogic administrative user
The default administrative user for the WebLogic server is the "system" user. The password for this user is set in the weblogic.properties file with the weblogic.password.system property.
The weblogic.system.user property allows you to change the administrative user from "system" to some other user you choose. The new administrative user must also be established with a weblogic.password.user property.
Here are the properties to set the administrative user to "weblogicroot" with the password "b96yUksbY3B":
You can add these properties to the weblogic.properties file. For additional security, you could instead set the properties on the Java command line when you start the WebLogic Server. (But make sure that the operating system is secure from commands such as ps that can display the text of the command line.) Start the server as described in Starting the WebLogic Server from the command line and add:
$ ... -Dweblogic.system.user=weblogicroot -Dweblogic.password.weblogicroot=b96yUksbY3B ...
Changing the WebLogic Server administrative port
Use the weblogic.system.administrativePort property to set a port number for administrative user logins. When this property is set, the system user cannot log in on any other port, and only system user logins are permitted on the designated port. The port uses SSL by default. If you change the administrative user from "system" to another user (using weblogic.system.user), only that user may log in on this port.
The port you choose must be free from any other use, either by operating system services or other WebLogic Server port assignments.
Here is an example that sets the WebLogic Server to listen for T3 connections on port 7001, SSL connections (t3s and https) connection on port 7002, and administrative user connections on port 7003.
# TCP/IP port number at which the T3Server listens for connections weblogic.system.listenPort=7001 # SSL listen port weblogic.system.SSLListenPort=7002 # Port number for administrative user logins weblogic.system.administrativePort=7003
Since the administrative port defaults to SSL, you must use SSL when connecting to the port. For example, to connect with the WebLogic console, start the Console and follow these steps:
Copyright © 2000 BEA Systems, Inc. All rights reserved.