PROCESSIT 7.4 R1
For Oracle Fusion Middleware 11g

Security Settings

©2025 Copyright ReadSoft AG (publ). All rights reserved. The contents of this document are subject to change without notice. ReadSoft is a registered trademark of ReadSoft AB. Other product and company names herein may be the trademarks or registered trademarks of their respective owners.
Questions or comments about this document may be emailed to documentation@readsoft.com.

ReadSoft AB (Head office) | Södra Kyrkogatan 4 | SE-252 23 Helsingborg | Sweden | Phone: +46 42 490 21 00 | Fax: +46 42 490 21 20
ReadSoft AG | Falkstrasse 5 | 60487 Frankfurt | Germany | Phone: +49 69 1539402-0 | Fax: +49 69 1539402-13
info@readsoft.com | www.readsoft.com

Security SettingsSecurity IntroductionOperating systemSuperuser root on linux serversoracleEncrypt password in EBSAdapter.xmlPROCESSIT ApplicationEncrypt URLsChange password for SETUP userPROCESSIT Database / Dehydration StorePrivileged user SYSTEMDatabase Link EBSDBPrivileged user D4Privileged user APPSORABPEL and ORAESBORAWSMUsing indirect passwords in SOA SUITE jdbc Connection PoolsWeblogic Administrative user weblogicSOA Suite Administrative user oc4jadminprocessit.propertiesEncrypt processit.properties

Security Settings

Security Introduction

ReadSoft strongly recommends that changes in security settings are performed on a test environment, which is tested thoroughly prior to production implementation.

You can change default passwords in the PROCESSIT Application, use indirect passwords, encrypt passwords in files and encrypt processit.properties. Other security features, such as custom authentication and Enabling SSL are covered in their respective topics.

You can perform all steps, or some of the steps in accordance with site security policies.

Operating system

Superuser root on linux servers

You can change the root password on the PROCESSIT server(s). This password is not required for upgrades or troubleshooting.

  1. Login as user root
  2. passwd
  3. Follow instructions

oracle

You can change the oracle password on the PROCESSIT server(s). However it is needed for upgrades and troubleshooting and should be available for support.

  1. Login as user oracle.
  2. passwd
  3. Follow instructions
  4. Change the password in processit.properties for future reference
  5. cd <inst_root>/config ; vi processit.properties
  6. weblogic.server.password = <newpassword>
  7. bpel.server.password = <newpassword>
  8. db.server.password = <newpassword>

Encrypt password in EBSAdapter.xml

To encrypt the password in the EBSAdapter.xml which is used with rejections from payable interface after import.

cd /oracle/as/product/10.1.3.1/OracleAS_1/j2ee/oc4j_soa/applib

Edit EbsAdapter.xml to put an exclamation mark ! in front of the clear text password in the database.pwd property value.

Clear Text Example: <property Name="database.pwd" Value="clearTextPassword"/>

Encrypted Example: <property Name="database.pwd" Value="!clearTextPassword"/>

Start PROCESSIT and "clearTextPassword" is encrypted when the file is first read, which is when an invoice is rejected in the payables interface.


	<property Name="database.usr" Value="xxd4_apps"/>
	<property Name="database.pwd" Value="zPvy7eFWOMHEtada/qnEUw=="/>

Delete other copies of EBSAdapter.xml on the server.

PROCESSIT Application

Encrypt URLs

You can encrypt URLs in PROCESSIT.

  1. Navigate to the Configuration Manager.
  2. Create a parameter setting for the configuration parameter Encrypt url (D4_ENCRYPT_URL_Y_N) set to Y.
  3. Verify that a pass-phrase is supplied in a corresponding configuration parameter setting for D4_ENCRYPT_PASSPHRASE.

Change password for SETUP user

Change the value for the configuration parameter Initial setup user password (D4_INITIAL_SETUP_USER_PASSWORD).

Be careful editing the value, as no validation check is performed.

PROCESSIT Database / Dehydration Store

Privileged user SYSTEM

You can change the password for the user SYSTEM in PROCESSIT Database. The password is not used after initial installation. Remember to also update processit.properties.

db.jdbc.sys.password = <newpassword>

Log in to PROCESSIT database as system or user that has dba privileges

alter user system identified by <newpassword>;

Database Link EBSDB

Log in to PROCESSIT database as user D4 and run these commands:


	drop public database link ebsdb;
	create database link EBSDB connect to XXD4_APPS identified by XXD4_APPS using 'EBSDB';

Log in to PROCESSIT database as user APPS


	create database link EBSDB connect to XXD4_APPS identified by XXD4_APPS using 'EBSDB';

Privileged user D4

Database
  1. Log in to processit database as d4 or a user that has dba privileges
  2. Change password by executing this sql: alter user d4 identified by <newpassword>;
  3. <newpassword> is the desired new password.
WebLogic
  1. Log in to the WebLogic Console
  2. Click on Data Sources under JDBC in the Domain Configurations section.
  3. Click the D4_DB_D4 data source.
  4. Click the Connection Pool tab
  5. Click Lock and Edit in the upper left of the screen to allow editing if necessary.
  6. Type and confirm the new password in the appropriate fields.
  7. Click Save.
  8. Click Activate Changes.
  9. Select the soadbDS data source.
  10. Repeat steps 4-8.
  11. Restart WebLogic
log4j.xml

To update the password in the file log4j.xml

  1. cd /oracle/middleware/user_projects/domains/d4
  2. vi log4j.xml
  3. <param name="username" value="d4"/>
  4. <param name="password" value="<newpassword>"/>
SOA Suite jdbc connection pools
  1. Log in to Application Server Control console http://<soaserver>:7777/em
  2. Click on oc4j_soa under the All Application Servers grouping.
  3. Click on the Administration tab.
  4. Click the Go to Task icon for JDBC Resources.
  5. Click the D4_DB_D4_POOL link under Connection Pools.
  6. Enter the new password and click Apply.
  7. Update processit.properties with new values for future upgrades.
  8. db.jdbc.d4.password = <newpassword>
  9. source.config.migration.d4.jdbc.password = <newpassword>
  10. target.config.migration.d4.jdbc.password = <newpassword>
  11. Update diagrpt.properties if you use PROCESSIT Diagnostics.

Privileged user APPS

  1. Log in to processit database as apps or user that has dba privileges.
  2. Change password by executing this sql: alter user apps identified by <newpassword>;
  3. <newpassword> is the desired new password.
In SOA Suite jdbc connection pool
  1. Log in to Application Server Control console at http://<soaserver>:7777/em
  2. Click on oc4j_soa under the All Application Servers grouping.
  3. Click on the Administration tab.
  4. Click the Go to Task icon for JDBC Resources.
  5. Click the D4_DB_APPS_POOL link under Connection Pools.
  6. Enter the new password and click Apply.
  7. Update processit.properties with new values for future upgrades.
  8. db.jdbc.d4apps.password = <newpassword>

ORABPEL and ORAESB

Instructions are based on the oracle support note How to Change the Password for ORABPEL and ORAESB Users in SOA 10.1.3.x [ID 552400.1] oracle support forums.

PROCESSIT Database / Dehydration Store

Do not use case sensitive passwords

  1. alter user orabpel identified by <newpassword>
  2. alter user oraesb identified by <newpassword>

Backup data-sources.xml and system-jazn-data.xml

  1. cd /oracle/as/product/10.1.3.1/OracleAS_1/j2ee/oc4j_soa/config
  2. cp data-sources.xml data-sources.xml.default
  3. cp system-jazn-data.xml system-jazn-data.xml.default
SOA Suite
  1. Log in to Enterprise Manager at http://<soaserver>:7777/em
  2. Go to the application server control page at http://<soaserver>:7777/em
  3. Click the link for the oc4j instance where bpel/esb has been installed. Usually oc4j_soa.
  4. Select the Administration tab.
  5. Go to Security → Security Providers
  6. Click the Instance Level Security button.
  7. Click on the Realms tab
  8. Click the number of users link Under the Users column.
  9. Find the user named pwForOrabpel or pwForOraesb in the User section.
  10. Click on the link to change the password to the one entered in the PROCESSIT database above. Provide the old and the new password. The password is case sensitive and must exactly match the one set in the Database.
  11. Click Apply. This associates the password with the pwForOrabpel value of the password attribute in the data-sources.xml file.
  12. Restart the SOA suite with the command opmnctl startall or sudo service soa stop / sudo service soa start
  13. Go to the application server control page at http://<soaserver>:7777>/em
  14. Select Administration tab.
  15. Go to Services → JDBC resources
  16. Under the Connection Pools section locate the following connections pools:
    • BPELPM_CONNECTION_POOL
    • ESBPool
    • ESBAQJMSPool
  17. Click the Test Connection button for each. Test the connection to make sure the new password is now used.

ORAWSM

ReadSoft recommends to not edit the password for ORAWSM.

Using indirect passwords in SOA SUITE jdbc Connection Pools

If you want the passwords for jdbc Connection Pools D4_DB_APPS_POOL, D4_DB_D4_POOL and D4_OEBS_APPS_POOL to be indirect, you have to do the following:

  1. Log in to the Application Server Control console (http://<soaserver>:7777/em
  2. Click on oc4j_soa under the All Application Servers Grouping
  3. Navigate to the tab Administration.
  4. Click the Go to Task icon for Security Providers
  5. Click Instance Level Security.
  6. Click Realms.
  7. Click the number under Heading Users
  8. Enter a name and password in the Database
  9. Click OK.

Repeat steps 8-10 for passwords for D4 in PROCESSIT database and APPS/XXD4_APPS in EBSDB.

Now update SOA Suite jdbc connection pools as above.

Type Name in use indirect password

Weblogic Administrative user weblogic

  1. Log in to WebLogic console http://<weblogicserver>:7001/console as weblogic
  2. Click on Security Realm in the Domain Structure menu on the left.
  3. Click on myrealm link under Realms.
  4. Click the Users and Groups tab.
  5. Click the Users tab.
  6. Select the weblogic user.
  7. Click the Passwords tab.
  8. Type and confirm new password.
  9. Click Save.
  10. Update boot.properties
    1. cd /oracle/middleware/user_projects/domains/d4/servers/AdminServer/security
    2. cp boot.properties boot.properties.default
    3. Modify boot.properties to have
      • username=weblogic
      • password=<newpassword>

Values are encrypted after the WebLogic is restarted.

Update processit.properties file with new password for future installs.

  1. weblogic.userId = weblogic
  2. weblogic.password = <newpassword>
  3. Update diagrpt.properties if you use PROCESSIT Diagnostics

SOA Suite Administrative user oc4jadmin

  1. Log in to Application Server Control console at http://<soaserver>:7777/em as oc4jadmin.
  2. Click on the Setup link at the top right of the page.
  3. Enter the old password, new password and confirm the new password.
  4. Click Apply.
  5. Log in to PROCESSIT as a user with access to Configuration Manager.
  6. Navigate to the Configuration Manager.
  7. Update the configuration parameter SOA Server Admin Account Password with the new value and click Save.
  8. Update processit.properties file with new password for future installs
    • bpel.usr = oc4jadmin
    • bpel.pwd = <newpassword>
    • esb.usr = oc4jadmin
    • esb.pwd = <newpassword>

processit.properties

These password properties have been changed. Make sure they are set correctly.

  • weblogic.password = <newpassword>
  • weblogic.server.password = <newpassword>
  • bpel.server.password = <newpassword>
  • db.server.password = <newpassword>
  • bpel.pwd = <newpassword>
  • esb.pwd = <newpassword>
  • db.jdbc.d4.password = <newpassword>
  • db.jdbc.d4apps.password = <newpassword>
  • db.jdbc.sys.password = <newpassword>
  • source.config.migration.d4.jdbc.password = <newpassword>
  • target.config.migration.d4.jdbc.password = <newpassword>

Encrypt processit.properties

  1. cd <inst_top>/config
  2. zip -m -P [password] processit.properties.zip processit.properties

To unzip processit.properties, doing an upgrade

unzip processit.properties.zip will ask for password

Delete all other processit.properties on the Installation Server