Maintenance

Managing Root Password

  1. SERVER-SIDE (UPass Web Services) :
    should provide a way of changing the password.
    ;
    Currently 2 options have been implemented:
    1. Via SelfTestV2's main method
      ;
      IMPORTANT: This only works when we use direct JDBC connections, which is usually the case for the development environment. At least for M2U's UAT and Production we do, and will have to, use JNDI connections. Therefore, this option is NOT available in such environments.
      ;
    2. Via PasswordController's main method for cipher generation,
      followed by a manual update of the respective column in the DB
      ;
  2. CLIENT-SIDE (UPass Support System) :
    should provide a way for storing the password locally.
    This password is required by the server-side for all those
    service calls that deal with UPass Admin user type.
    ;
    Considered options are:
    1. Clear text in a config file (1)
    2. Base64 in a config file (2) : This is how USS stores it currently
    3. Encrypted in a config file,
      thus the need for a key
      ;
      1. Key in a config file (3)
      2. Key hard-coded in the source (4)
      3. Key in Java Key Store,
        thus the need for a password
        ;
        1. Password in a config file
          1. Clear text (5)
          2. Base64 (6)
            ;
        2. Password hard-coded in the source
          1. Clear text (7)
          2. Base64 (8)
            ;
  3. SERVER & CLIENT COMBINED
    should provide a single screen flow on USS to change
    the password, updating both DB and the local storage.
    ;
    This is currently achievable using the following URL path:
    /m2u-upass-admin/ss101/changeRootPassword.do, like:
    http://172.31.20.101:7010/m2u-upass-admin/ss101/changeRootPassword.do
    ;
    At the above address, the user is presented with a form to enter the
    old root password and the new one. After all validations have
    succeeded, a request is sent to the server-side to change the value
    in the DB; upon a successful return code, the local Base64 password inside
    AppConfig is updated programmatically.
    ;
    IMPORTANT: Please note that any full deployment will overwrite the previous AppConfig.properties file, and hence the Base64 value for the root password. Therefore, even when using this approach, the deployer has to update AppConfig.properties manually.
    ;
    TODO: To address the overwriting of AppConfig and its password value described above, we could put the credential in a separate file outside the application folders and reference its file path from AppConfig.
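    As an added example (not code from the USS project), the TODO's external credential file beside the current Base64 fallback, in Java. The property keys, the class name and the POSIX permission check are assumptions; the real AppConfig.properties keys are not given on this page.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.nio.file.attribute.*;
import java.util.Base64;
import java.util.Properties;
import java.util.Set;

/** Keeps the USS-side root password in a file outside the deployable, referenced from AppConfig. */
public final class RootPasswordStore {
    // Hypothetical AppConfig keys; the page does not name the real ones. POSIX file system assumed.
    static final String FILE_KEY = "upass.root.password.file"; // path of the external credential file
    static final String B64_KEY  = "upass.root.password.b64";  // legacy inline value, option (2) above

    /** Reads the password: external file first, falling back to the inline Base64 value. */
    public static String load(Properties appConfig) throws IOException {
        String file = appConfig.getProperty(FILE_KEY);
        if (file != null && !file.isEmpty()) {
            Path p = Paths.get(file);
            Set<PosixFilePermission> perms = Files.getPosixFilePermissions(p);
            // Refuse a credential file that other local accounts can read.
            if (perms.contains(PosixFilePermission.GROUP_READ) || perms.contains(PosixFilePermission.OTHERS_READ)) {
                throw new IOException(p + " is readable by group/others; expected mode 0600");
            }
            return new String(Files.readAllBytes(p), StandardCharsets.UTF_8).trim();
        }
        String b64 = appConfig.getProperty(B64_KEY);
        if (b64 == null) throw new IOException("no root password configured");
        // Base64 is an encoding, not encryption: anyone who can read AppConfig recovers the value.
        return new String(Base64.getDecoder().decode(b64), StandardCharsets.UTF_8);
    }
    /** Replaces the external file atomically, owner-only, after the server-side DB update succeeds. */
    public static void store(Properties appConfig, String newPassword) throws IOException {
        Path p = Paths.get(appConfig.getProperty(FILE_KEY));
        Path tmp = p.resolveSibling(p.getFileName() + ".tmp");
        Files.deleteIfExists(tmp);
        Files.createFile(tmp, PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")));
        Files.write(tmp, newPassword.getBytes(StandardCharsets.UTF_8));
        Files.move(tmp, p, StandardCopyOption.ATOMIC_MOVE); // a full redeployment never touches this path
    }
    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("upass-demo"); // stands in for a directory outside the app folders
        Properties cfg = new Properties();
        cfg.setProperty(FILE_KEY, dir.resolve("root.pwd").toString());
        store(cfg, "constructed-new-root-password"); // constructed sample value
        System.out.println("loaded: " + load(cfg));
    }
}
```

    With only the inline key set, load() still returns the Base64-decoded value, so an existing AppConfig keeps working until the external file is introduced.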

Managing First UPass Admin

One of the deliverables we ship for production is a script for initializing the DB. In this DB script, the TB_AM_USER table must have exactly 1 record, denoting the first administrator username/alias, with the FORCE_RESET column set to 1. This ensures that, after DB initialization, the very first time the admin logs into USS, he/she will be redirected to the password-change form, where the user is asked to enter the new password as well as the old one.