pub.security.outboundPasswords:setPassword
WmPublic. Stores a key and password in the password store.
Input Parameters
key | String Key to be associated with the password entry. |
value | WmSecureString Password to be stored. |
isInternal | String "true" if this should be saved as an internal password; "false" if it should be saved as a public password. Default is "false". (See
Internal and Public Passwords for more information.) |
Output Parameters
result | String "true" if password was successfully stored; "false" otherwise. |
message | String "successful" or reason for failure. |
Usage Notes
This is the basic process a flow service should follow to store an outbound password:
For security reasons, the flow service should be run manually requiring an authorized person to type the password to be stored. This will eliminate the need to save the password on disk in an unencrypted format.
The pub.security.outboundPasswords:setPassword service requires a key to be supplied which is basically a key to the password. This key must be saved in some way; any flow service wishing to use the password to access a secure resource will need to supply the key to retrieve the password from the outbound password store.
Internal and Public Passwords
Internal passwords are passwords for use by the Integration Server itself to access secure resources (e.g., remote Integration Servers, JDBC connection pools, LDAP servers, etc.). Internal passwords are managed using the Integration Server Administrator and are stored in the outbound password store. Flow services are also allowed to store passwords in the outbound password store. However, by default, passwords stored by a flow service are considered "public," as opposed to internal. This distinction allows flow services to use the outbound password store as a secure mechanism for storing and retrieving passwords, but protects the Integration Server's internal passwords.
When calling any of the pub.security.outboundPasswords services (i.e. setPassword, getPassword, listKeys, removePassword, and updatePassword) the isInternal input parameter indicates whether the service is working with internal or public passwords. Note that even if this parameter is set to "true", you cannot access internal passwords if the Integration Server is configured to deny access to internal passwords. Access to internal passwords is controlled by the watt.security.ope.AllowInternalPasswordAccess configuration parameter on the Integration Server; for more information see IBM webMethods Integration Server Administrator’s Guide.