Enabling custom password encryption

If you enabled custom password encryption in your source IBM® Business Process Manager environment to protect passwords that are contained in your WebSphere® Application Server configuration, you must complete the following steps before migration.

About this task

Steps 1 to 3 and step 5 are required for the following migration commands:
  • BPMMigrationPreValidation
  • BPMExtractSourceInformation
  • BPMConfig -migrate
Step 4 is required for the following migration commands:
  • BPMMigrationPreValidation
  • BPMExtractSourceInformation
  • BPMConfig -migrate
  • DBUpgrade

Procedure

  1. Create an OSGi (Open Service Gateway initiative) bundle from your custom encryption jar file.

    Create the bundle MANIFEST.MF file and place it in jarfile/META-INF/. The value of the Fragment-Host property cannot be modified, because your custom encryption class must implement the com.ibm.wsspi.security.crypto.CustomPasswordEncryption interface. The Bundle-Name, Bundle-SymbolicName, and Bundle-Vendor properties can be modified, but Bundle-Version must be in the format of major[.minor[.micro]][.qualifier].

    For example:
    Manifest-Version: 1.0
Bundle-ManifestVersion: 2
Bundle-Name: customEncryptBundleSampleName
Bundle-SymbolicName: com.companyName.packageName.customEncryptSampleSymbolicName
Bundle-Version: 1.0.0.0
Bundle-Vendor: VendorName
Fragment-Host: com.ibm.ws.runtime
Bundle-RequiredExecutionEnvironment: JavaSE-1.6
  2. Copy the OSGI bundle to your plug-ins folder.
    • If you installed the new version of the product on the same computer as the source environment, copy the OSGI bundle to install_root_8.5/plugins.
    • If you installed the new version of the product on a different computer and copied the migration files to the source environment, copy the OSGI bundle to remote_migration_utility/plugins.
  3. Run the osgiCfgInit command to clear the class cache of the JVM. From install_root_8.5/plugins or remote_migration_utility/plugins, run osgiCfgInit.bat or osgiCfgInit.sh.
  4. Enable each of the migration command scripts to support custom encryption. From install_root_8.5/plugins or remote_migration_utility/plugins, open the script or batch file for each of the following commands:
    • BPMMigrationPreValidation
    • BPMExtractSourceInformation
    • BPMConfig -migrate
    • DBUpgrade
    For each script or batch file:
    • Find the comment block "Enabling custom password encryption." Read the comments and then uncomment the properties.
    • Modify the value of the CUSTOMPWDPROPS property based on your custom encryption class name.
    • For the DBUpgrade command, also modify the value of the CLASSPATH property and replace it with the full file path of your custom password encryption jar file.
  5. After you have finished migration, remove the OSGi custom encryption bundle from your plug-ins folder.
Parent topic: Planning a migration
Related tasks:
Enabling custom password encryption