|
Administration Console Online Help
|
Security Realm-->General
Tasks Related Topics Attributes
Overview
A security realm provides all the auditing, authentication, authorization, credential mapping, and role mapping services to a WebLogic Server deployment. You can configure multiple security realms within a single WebLogic Server deployment. Use this tab to configure a new security realm.
Only one security realm is designated as the default security realm. If you want your newly configured security realm to be the default security realm, click the View Domain-Wide Security Settings link on the General tab on the Domain node. Then click the General tab. For more information, see Changing the Default Security Realm.
For any security realm to be valid, configure each of the following types of security providers (in any order):
- Authentication
- Authorization
- Adjudication
- Credential Mapping
- Role Mapping
At least one Authorization, Credential Mapping, and Role Mapping provider in the security realm must implement the DeployableAuthorizationProvider, DeployableCredentialProvider, and DeployableRoleProvider Security Service Provider Interface (SSPI). This SSPI allows the providers to store (rather than retrieve) information from deployment descriptors.
The J2EE Security Mode attribute specifies whether or not security for EJBs and Web applications is defined through the Administration Console or through deployment descriptors. The following options are available:
- Enforce on all methods—This option specifies that all security for EJBs and Web applications is set through the Define Role and Define Policy functions of the Administration Console. When choosing this option, you also need to set the Deployment Descriptor Security Behavior attribute.
- Limit Enforcement to deployment descriptor—This option specifies that security is only enforced for EJBs and Web applications that have security defined in the deployment descriptor. Each time an application is deployed, the deployment descriptor updates the security information in the Administration Console. When choosing this option, the Deployment Descriptor Security Behavior attributed is grayed-out.
The Deployment Descriptor Security Behavior attributes specifies whether or not WebLogic Server loads security data from the weblogic.xml and weblogic-ejb-jar.xml deployment descriptors into the Authorization and Role Mapping providers configured for the security realm each time an application is deployed. The following options are available:
- Seed security from deployment descriptors—Choose this option to load security data from deployment descriptors into the Authorization, Role Mapping, and Credential Mapping providers configured for the security realm. Once the security data from deployment descriptors is loaded into the Authorization, Role Mapping, and Credential mapping providers, changes made through the WebLogic Server Administration Console take immedicately effect but are not persisted back to the deployment descriptors. Therefore, each time an application is deployed, the deployment descriptors are used to update the information in the Administration Console.
- Ignore security in deployment descriptors—Choose this option to ONLY specify security for EJBs and Web applications through the Administration Console. Any security changes made in the deployment decriptors are not persisted to the Administration Console.
The Web resource is deprecated in WebLogic Server 7.p SP02. If you wrote a custom Authorization provider that uses the Web resource (instread of the URL resource), enable the Use Deprecated Web Resource attribute. This attribute changes the runtime behavior of the Servlet container to use a Web resource rather than a URL resource when performing authorization.
Tasks
Changing the Default Security Realm
Related Topics
Introduction to WebLogic Security
Managing WebLogic Security
Programmimg WebLogic Security
Developing Security Providers for WebLogic Server
Securing a WebLogic Server Deployment
Upgrading Security in WebLogic Server Version 6.x to WebLogic Server Version 7.0
Security FAQ
The Security page in the WebLogic Server documentation
Attributes
Table 0-16
|
Attribute Label
|
Description
|
Value Constraints
|
|
Name
|
The name of this configuration. WebLogic Server uses an MBean to implement and persist the configuration.
MBean: weblogic.management.
security.RealmMBean
Attribute: Name
|
|
|
J2EE Security Mode
|
MBean: weblogic.management.
security.RealmMBean
Attribute: J2EESecurityMode
|
|
|
Deployment Descriptor Security Behavior
|
Specifies whether this security realm should ignore any security constraints that are defined in the deployment descriptors for Web applications and Enterprise JavaBeans (EJBs).
MBean: weblogic.management.
security.RealmMBean
Attribute: DeployIgnoredAttribute
|
|
|
Ignore Deploy Credential Mapping
|
Specifies whether or not credential mapping deployment calls on the Credential Manager are ignored or passed to the configured Credential Mapping providers.
MBean: weblogic.management.
security.RealmMBean
Attribute: DeployCredentialMappingIgnored
|
Default: new java.lang.Boolean(false)
Valid values:
|
|
Use Deprecated Web Resource
|
Web resources were deprecated in WebLogic Server 7.0 SP01. URL resources replace Web resources. If this security realm has an Authorization provider that requires the use of Web resources, set this attribute to true.
MBean: weblogic.management.
security.RealmMBean
Attribute: UseDeprecatedWebResource
|
Default: new java.lang.Boolean(false)
Valid values:
|
