Weblogic Password Decrypt Steps

Oracle Weblogic Server

Recovering the data source password

1. Log in as the wls user to shell and set the domain environment variables for the domain you want to recover:

[[email protected]]$ cd $DOMAIN_HOME/bin

[[email protected]]$ . ./setDomainEnv.sh

2. Start WLST:

[[email protected]]$ $WL_HOME/common/bin/wlst.sh

3. Run the following WLST commands to display the username and password:

from weblogic.security.internal import BootProperties


prop = BootProperties.getBootProperties()

print "username: " + prop.getOneClient()

print "password: " + prop.getTwoClient()

The username and password will be displayed on the screen.

The script reads the boot.properties file, decrypts it, and displays the username and password provided.

The script points to the boot.properties file located in the security folder of the MY_AdminServer. You can point to any security folder that contains the boot.properties file of the other Managed Servers.

It is important to set the domain environments first, otherwise the script will not be able to find the SerializedSystemIni.dat file, which is the seed used by the domain to encrypt and decrypt.

Recovering the admin password

The same way that the WebLogic Administrator password is recoverable, the data source password can be retrieved as well. Here we will use ds-nonXA data source with the JNDI name jdbc/non-XA will be used to

retrieve the password. The encrypted password must be retrieved from the JDBC configuration files in the $DOMAIN_HOME/config/jdbc directory.

1. Log in as a wls user to shell and open the $DOMAIN_HOME/config/config.xml file to get the JDBC configuration filename.

[[email protected]]$ cd $DOMAIN_HOME/config

[[email protected]]$ vi config.xml

2. Locate the <jdbc-system-resource> tag of the ds-nonXA data source and get the descriptor filename.






3. Open the JDBC file:

[[email protected]]$ vi jdbc/ds-nonXA-jdbc.xml

4. Locate the <password-encrypted> tag and copy the password.


5. Start WLST using the following command:

[[email protected]]$ $WL_HOME/common/bin/wlst.sh

6. Set the copied password to the passwd variable, set the full path of the $DOMAIN_HOME/security in the secPath variable, and run the following WLST commands to display the password:

from weblogic.security.internal import *

from weblogic.security.internal.encryption import *


secPath = "/oracle/Middleware/user_projects/domains/MY_DOMAIN/security"

encService = SerializedSystemIni.getEncryptionService(secPath)

coeService = ClearOrEncryptedService(encService)

print "password: " + coeService.decrypt(passwd)

7. The password will be displayed on the screen:

wls:/offline> password: dbpwd

There is no need to set the domain environment variables this time since the script receives the full path to the SerializedSystemIni.dat file.

In case of any ┬ęCopyright or missing credits issue please check CopyRights page for faster resolutions.

3 Responses

  1. sumanth says:

    i am getting below error

  2. feroj says:

    hi , i am getting the below error while running the script

    D:\Oracle\Middleware\user_projects\domains\UDQ_domain>java weblogic.WLST Dspwd.p

    Initializing WebLogic Scripting Tool (WLST) …

    Welcome to WebLogic Server Administration Scripting Shell

    Type help() for help on available commands

    Problem invoking WLST – Traceback (innermost last):
    File “D:\Oracle\Middleware\user_projects\domains\UDQ_domain\Dspwd.py”, line 19
    , in ?
    at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decr
    at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decr
    at weblogic.security.internal.encryption.ClearOrEncryptedService.decrypt
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
    at java.lang.reflect.Method.invoke(Method.java:606)

    weblogic.security.internal.encryption.EncryptionServiceException: weblogic.secur

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.