"Clear Text Credential Access Enabled" field

Question

Can somebody please explain the usage of "Clear Text Credential Access Enabled" check-box under "->Security->Advanced tab for Weblogic 11g?

What is the difference if we set or unset this flag?

If I don't set this flag I get an exception when trying to set a value for the "Credential" field:

Access to sensitive attribute in clear text is not allowed due to the setting of
ClearTextCredentialAccessEnabled attribute in SecurityConfigurationMBean

What should the value for the "Credential" field be if I don't set the "Clear Text Credential Access Enabled" flag?

Answer 1

This feature will allow you to type in plain text credentials for, among other things, Datasources.

To enable this feature via the Weblogic console:

1. Log into the console
2. Under "Domain structure", click the name of your domain
3. Enable the UI for amending configuration
4. Select the "Security" tab
5. Expand the "Advanced" tab
6. Tick "Clear Text Credential Access Enabled"
7. Click "Save"
8. Apply changes to the UI configuration

Answer 2

This is a security feature so Weblogic stops you from entering passwords stored in clear text.

It's just so helpful and user friendly that it just doesn't work by default. Ain't that helpful? Instead of encrypting it for the user it just barfs with that error telling you nothing how to fix it, but a decent UI shields you from details like this. From what I can tell it basically renders the whole point of having a UI pointless until you turn it off, and leads to less security not more. Yay weblogic you're not helping.

So to turn off by adding this to your startup VM parameters:

-Dweblogic.management.clearTextCredentialAccessEnabled=true

Or changing that little ticky mark in the UI.

How to actually use weblogic without turning it off? Unknown. I read the docs, but they made no sense, and the More Info link spit out a WSDL at me. Really Weblogic? You call this decent UI experience? No wonder everyone just uses tomcat.