Clarity

Expand all | Collapse all

CA PPM Tech Tip: How to replace your Jaspersoft Database password so it remains encrypted

navzjoshi00

navzjoshi00Oct 07, 2015 12:56 AM

  • 1.  CA PPM Tech Tip: How to replace your Jaspersoft Database password so it remains encrypted

    Broadcom Employee
    Posted Oct 06, 2015 03:12 PM

    Hello everybody,

     


    In our work, it's frequent to see the DB password changed after the Jaspersoft installation. Of course this doesn't mean you have to do the reinstall again. Here is what you can do:

    Recreate the password in plain text:
    1. Open the following file with a text editor: 

    $JSTomcat \webapps\reportservice\META-INF\context.xml

    2. Replace the details on the connection, enter the pwd in non-encrypted way for Oracle, save and restart Jaspersoft.


    Recreate the password in encrypted way:
    1. Go to your Jaspersoft Install files: $jasper_install\jasperreports-server-5.6.1-bin\buildomatic\default_master.properties
    2. Enter the correct value for Jasper DB Password in plain text
    3. Ensure all other values are still valid, such as Tomcat directory etc.
    4. Change the encrypt.done=true to encrypt=true
    5. Save the file.
    6. Now navigate to $jasper_install\jasperreports-server-5.6.1-bin\buildomatic
    7. Run the command:
    js-ant refresh-config
    This will remove and recreate all the configuration files without deploying them to the application server.
    8. Once done, get the context file from: $jasper_install\jasperreports-server-5.6.1-bin\buildomatic\build_conf\default\webapp\META-INF\context.xml and replace the one in $JSTomcat\webapps\reportservice\META-INF\context.xml
    9. Restart Jaspersoft Tomcat

     

    Note that the password you entered in plain text in default_master.properties will now also be encrypted. This will work for other passwords too.


    Same will also be helpful in case you change your Jaspersoft connection detail to regenerate the context.xml file (for example to use another database server).


    Kind Regards

     

    Nika Hadzhikidi
    CA Technologies
    Principal Support Engineer



  • 2.  Re: How to replace your Jaspersoft Database password so it remains encrypted

     
    Posted Oct 06, 2015 06:28 PM

    Thanks for sharing this tech tip with the community Nika!

    NIKA HADZHIKIDI wrote:

     

    Hello everybody,

     


    In our work, it's frequent to see the DB password changed after the Jaspersoft installation. Of course this doesn't mean you have to do the reinstall again. Here is what you can do:

    Recreate the password in plain text:
    1. Open the following file with a text editor: 

    $JSTomcat \webapps\reportservice\META-INF\context.xml

    2. Replace the details on the connection, enter the pwd in non-encrypted way for Oracle, save and restart Jaspersoft.


    Recreate the password in encrypted way:
    1. Go to your Jaspersoft Install files: $jasper_install\jasperreports-server-5.6.1-bin\buildomatic\default_master.properties
    2. Enter the correct value for Jasper DB Password in plain text
    3. Ensure all other values are still valid, such as Tomcat directory etc.
    4. Change the encrypt.done=true to encrypt=true
    5. Save the file.
    6. Now navigate to $jasper_install\jasperreports-server-5.6.1-bin\buildomatic
    7. Run the command:
    js-ant refresh-config
    This will remove and recreate all the configuration files without deploying them to the application server.
    8. Once done, get the context file from: $jasper_install\jasperreports-server-5.6.1-bin\buildomatic\build_conf\default\webapp\META-INF\context.xml and replace the one in $JSTomcat\webapps\reportservice\META-INF\context.xml
    9. Restart Jaspersoft Tomcat

     

    Note that the password you entered in plain text in default_master.properties will now also be encrypted. This will work for other passwords too.


    Same will also be helpful in case you change your Jaspersoft connection detail to regenerate the context.xml file (for example to use another database server).


    Kind Regards

     

    Nika Hadzhikidi
    CA Technologies
    Principal Support Engineer



  • 3.  Re: How to replace your Jaspersoft Database password so it remains encrypted

    Posted Oct 07, 2015 12:56 AM

    Thanks for sharing this, Nika

     

    Regards

    NJ



  • 4.  Re: How to replace your Jaspersoft Database password so it remains encrypted

    Posted Oct 13, 2015 12:03 PM

    Hi Nika,

     

    I tried with second option Recreate the password in encrypted way but,I received below error while starting the tomcat service

     

    Oct 13, 2015 11:24:01 AM org.apache.catalina.core.NamingContextListener addResource

    WARNING: Failed to register in JMX: javax.naming.NamingException: Failed to decrypt

    Oct 13, 2015 11:24:01 AM org.apache.naming.NamingContext lookup

    WARNING: Unexpected exception resolving reference

    java.lang.RuntimeException: Failed to decrypt

     

    Please let me know what am I missing..

     

    Thanks

    Giri



  • 5.  Re: How to replace your Jaspersoft Database password so it remains encrypted

    Broadcom Employee
    Posted Oct 14, 2015 05:06 PM

    Hi Giri,

     

    Could you please attach your jasperserver log for review? I need to see what exactly comes after the last error line you posted.
    Have you done any modification to the context.xml file apart from the password? Please compare both context files and see if there is any other difference, that may give us a clue.


    Looking forward to hearing from you.

     

    Kind Regards

     

    Nika Hadzhikidi
    CA Technologies
    Principal Support Engineer



  • 6.  Re: How to replace your Jaspersoft Database password so it remains encrypted

    Posted Oct 15, 2015 03:15 PM

    Please find the log files

    Attachment(s)

    zip
    catalina.log.zip   3 KB 1 version
    zip
    jasperserver.log.1.zip   35 KB 1 version


  • 7.  Re: How to replace your Jaspersoft Database password so it remains encrypted

    Broadcom Employee
    Posted Oct 16, 2015 05:54 PM

    Hi Giri,


    Thanks a lot for providing the logs.


    The full error message:
    WARNING: Unexpected exception resolving reference
    java.lang.RuntimeException: Failed to decrypt
    at com.jaspersoft.jasperserver.crypto.EncryptionEngine.decrypt(EncryptionEngine.java:156)
    at com.jaspersoft.jasperserver.crypto.EncryptionEngine.decrypt(EncryptionEngine.java:113)
    at com.jaspersoft.jasperserver.tomcat.jndi.JSBasicDataSourceFactory.getObjectInstance(JSBasicDataSourceFactory.java:53)
    at org.apache.naming.factory.ResourceFactory.getObjectInstance(ResourceFactory.java:141)
    at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:321)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:842)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:153)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:830)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:153)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:830)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:153)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:830)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:167)


    Caused by: javax.crypto.BadPaddingException: Given final block not properly padded


    Could you try the following:

    1. Try recreating the context file again
    2. If this doesn't work, try modifying your password, see if this helps
    3. Also, compare both context.xml file to see if anything is standing out

     

    Kind Regards

     

    Nika Hadzhikidi
    CA Technologies
    Principal Support Engineer



  • 8.  Re: How to replace your Jaspersoft Database password so it remains encrypted

    Posted Oct 15, 2015 01:15 PM

    Hi Nika,

     

    thank you so much for this hint!

     

    In case the DWH database connectivity has changed, we have to update the information stored encrypted in the profile attributes of jasperadmin, e.g. ppmDBServerURL_enc.

    Is there a similar way to recreate this information.

     

    Thank you again for your help.

     

    Kind regards

    Georg



  • 9.  Re: How to replace your Jaspersoft Database password so it remains encrypted

    Broadcom Employee
    Posted Oct 19, 2015 05:36 PM

    Hi Georg,

     

    This information will be taken from properties.xml in Clarity. So the steps to follow will be:

     

    1. Modify the DWH database URL in the properties.xml

    2. Save and restart Clarity services

    3. Run the command:

    admin update jasperParameters

    This command will reset the information you are seeing as profile attributes on jasperadmin user, including ppmDBServerURL_enc.

     

    Hope this helps.

     

    Kind Regards

     

    Nika Hadzhikidi

    CA Technologies

    Principal Support Engineer

     



  • 10.  Re: CA PPM Tech Tip: How to replace your Jaspersoft Database password so it remains encrypted

    Posted Jan 13, 2016 01:25 PM

    Hi Nika,

     

    Just confirming your instructions on the jasperDB password change(encrypted Method ). As I'm have the same issue and error in the logs as ykrao. The only two parameters (dbPassword and encrypt) is needed to be editing in default_master.properties file correct(as per example below) ?  What about the "sysPassword" parameter, as it's using the the same username as the "dbUsername" parameter ?

    Also is there any other dependency that I might be over looking (ex. same user that install it)

     

     

    Ex.  --------------------------------------

    # Enter Jaspersoft Database Password

    dbPassword=MyNewJasperDBPasswordInPlainText

     

    encrypt=true

    Ex.  --------------------------------------

     

     

    Also note, I can confirm that the plain text method does work and was able to startup and logon using that method.

     

    Thanks

    Mr Kim Li

     

     



  • 11.  Re: CA PPM Tech Tip: How to replace your Jaspersoft Database password so it remains encrypted

    Posted Jan 21, 2016 09:26 AM

    Was able to resolve the issue,  The command use to refresh the config (js-ant refresh-config) will required access  to license key or same user account  when install/build of JasperSoft. 



  • 12.  Re: CA PPM Tech Tip: How to replace your Jaspersoft Database password so it remains encrypted

    Posted Dec 26, 2016 03:02 AM

    Hi Nika,

     

    I have problems with starting the JS server. How it started I really do not know. May be after a OS patch or AV update. the first error was :

     

    WARNING: Unexpected exception resolving reference
    java.lang.RuntimeException: KeystoreManager.init was never called or there are errors instantiating an instance.
    at com.jaspersoft.jasperserver.crypto.KeystoreManager.getInstance(KeystoreManager.java:186)

     

    I could not find $jasper_install\jasperreports-server-5.6.1-bin\buildomatic\default_master.properties file but there was $jasper_install\jasperreports-server-5.6.1-bin\buildomatic\default_master.properties_bak. I copied and renamed it default_master.properties. Then I tried "js-ant refresh-config". 2 files created in my users home directory. After this I have tired to start the server but the error was: 

     

    WARNING: Unexpected exception resolving reference
    java.lang.RuntimeException: Failed to decrypt
    at com.jaspersoft.jasperserver.crypto.EncryptionEngine.decrypt(EncryptionEngine.java:163)

     

    Your kind assistance will be appreciated.

     

    Regards



  • 13.  Re: CA PPM Tech Tip: How to replace your Jaspersoft Database password so it remains encrypted

    Broadcom Employee
    Posted Dec 26, 2016 03:53 AM

    Hi Bican,

     

    Did you just apply OS patch which causes this? Do you have problems stating the Jaspersoft? Can you please share the full log please?

     

    Regards
    Suman Pramanik 



  • 14.  Re: CA PPM Tech Tip: How to replace your Jaspersoft Database password so it remains encrypted

    Posted Dec 26, 2016 05:03 AM
      |   view attached

    Our security group applied a patch to OS or AV. we could not determined up to know. I have tried severeal times and several ways but could not manage to start. I am pasting the last catalina log file

     


    INFO: Deploying web application directory C:\CAPPMJS\JSTomcat\apache-tomcat-7.0.55\webapps\reportservice
    Ara 26, 2016 8:52:25 AM org.apache.catalina.startup.TaglibUriRule body
    INFO: TLD skipped. URI: http://www.springframework.org/tags is already defined
    Ara 26, 2016 8:52:25 AM org.apache.catalina.startup.TaglibUriRule body
    INFO: TLD skipped. URI: http://www.tonbeller.com/jpivot/core is already defined
    Ara 26, 2016 8:52:27 AM org.apache.catalina.startup.TaglibUriRule body
    INFO: TLD skipped. URI: http://www.springframework.org/tags is already defined
    Ara 26, 2016 8:52:28 AM org.apache.naming.NamingContext lookup
    WARNING: Unexpected exception resolving reference
    java.lang.RuntimeException: KeystoreManager.init was never called or there are errors instantiating an instance.
    at com.jaspersoft.jasperserver.crypto.KeystoreManager.getInstance(KeystoreManager.java:186)
    at com.jaspersoft.jasperserver.tomcat.jndi.JSBasicDataSourceFactory.getObjectInstance(JSBasicDataSourceFactory.java:70)
    at org.apache.naming.factory.ResourceFactory.getObjectInstance(ResourceFactory.java:141)
    at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:321)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:842)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:153)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:830)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:167)
    at org.apache.catalina.core.NamingContextListener.addResource(NamingContextListener.java:1103)
    at org.apache.catalina.core.NamingContextListener.createNamingContext(NamingContextListener.java:682)
    at org.apache.catalina.core.NamingContextListener.lifecycleEvent(NamingContextListener.java:271)
    at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
    at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5378)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:649)
    at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1247)
    at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1898)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)

    Ara 26, 2016 8:52:28 AM org.apache.catalina.core.NamingContextListener addResource
    WARNING: Failed to register in JMX: javax.naming.NamingException: KeystoreManager.init was never called or there are errors instantiating an instance.
    Ara 26, 2016 8:52:28 AM org.apache.naming.NamingContext lookup

    Attachment(s)

    zip
    log.log.zip   5 KB 1 version


  • 15.  Re: CA PPM Tech Tip: How to replace your Jaspersoft Database password so it remains encrypted

    Broadcom Employee
    Posted Dec 27, 2016 05:14 PM

    Hi Bican

     

    It looks like the keystore is having an issue to decrypt. Can you please try to regenerate the keystore and reboot the service again. See if that helps and let me know.

     

    Thanks -Nika



  • 16.  Re: CA PPM Tech Tip: How to replace your Jaspersoft Database password so it remains encrypted

    Posted Dec 28, 2016 01:04 AM

    Hi Nika,

     

    Thanks for your reply. With the guidance of Suman, I had installed tomcat and JS again... Actually we didnot do to much on it so it was no so critical to do it. But we want to import one important report that we had created before. we have jrxml file. But I do not have any idea how to fetch the input controls.

     

    Regards



  • 17.  Re: CA PPM Tech Tip: How to replace your Jaspersoft Database password so it remains encrypted

    Posted Sep 01, 2017 05:01 PM

    Nika_Hadzhikidi Thank you so much for your contribution;  very helpful!

     

    I realize this thread is nearly a year old, but since a few commentors and myself had issues updating the password when using configuration password encryption (Failed to Decrypt error when starting the jasper listener) I thought I would post the fix to those issues.

     

    I run tomcat as a non-privileged user (shouldn't everyone?).   Since that account doesn't have a shell, in order for config-file password encryption to work I had to set the following environment variables so the buildomatic process would create the java keystore used to decrypt the encrypted configuration passwords in the application's directory.

     

       export ks=<insert path to tomcat conf directory here>/jasper-keystore/
       export ksp=<insert path to tomcat conf directory here>/jasper-keystore/

     

    Doing so as step 6.5 in Nika's post for encrypted passwords will allow the buildomatic process to re-create the keystore to properly decrypt the new password being written to the new context.xml.

     

    Hope this helps!

     

    #jasperreportserver#jasper#jaspererror #passwordencryptionkeys#javakeystore