
Administration Console Online Help


Security Realms: General


This page allows you to define the general configuration of this security realm.

A security realm provides all the auditing, authentication, authorization, credential mapping, and role mapping services to a WebLogic Server deployment. You can configure multiple security realms within a single WebLogic Server deployment. Only one security realm is designated as the default security realm.

For any security realm to be valid, configure each of the following types of security providers (in any order):

At least one Authorization, Credential Mapping, and Role Mapping provider in the security realm must implement the DeployableAuthorizationProvider, DeployableCredentialProvider, and DeployableRoleProvider Security Service Provider Interface (SSPI), respectively. These SSPIs allow the providers to store (rather than retrieve) information from deployment descriptors.

Configuration Options

Name Description
Name

The name of this security realm.

Check Roles and Policies

Specifies when this security realm should perform authorization checks on requests for access to Web applications and Enterprise JavaBeans (EJBs).

Used with the Advanced security model. To give you control over performance, the WebLogic Server Administration Console requires you to specify how the WebLogic Security Service should perform security checks. You specify this preference using the Check Roles and Policies attribute on the security realm.

When Check Roles and Policies is set to All Web Applications and EJBs, the WebLogic Security Service performs security checks on all URL (Web) and EJB resources, regardless of whether there are any security settings in the deployment descriptors (DDs) for these WebLogic resources. If you change the value of the Check Roles and Policies drop-down menu to All Web Applications and EJBs, you also need to specify what the WebLogic Security Service should do when the URL or EJB resource is redeployed.

If you select All Web Applications and EJBs in the Check Roles and Policies drop-down menu, you also need to tell WebLogic Server which technique you want to use to secure these URL (Web) and EJB resources. You specify this preference using the Future Redeploys attribute.

On Future Redeploys

Used with the Advanced security model. Specifies whether security data is copied from the deployment descriptors into the appropriate security provider databases each time the Web application or EJB is deployed.

You should set the value of the Future Redeploys drop-down menu as follows:

  • To secure your URL and EJB resources using only the WebLogic Server Administration Console, select the Ignore Roles and Policies From DD (Deployment Descriptors) option.
  • To secure your URL and EJB resources using only the deployment descriptors (that is, the ejb-jar.xml, weblogic-ejb-jar.xml, web.xml, and weblogic.xml files), select the Initialize roles and policies from DD option.

    For more information, see Securing WebLogic Resources.

Ignore Deploy Credential Mapping

Specifies whether the Credential Mapping providers in this security realm will use only credential maps created using the Administration Console. By default, this box is unchecked, meaning that the Credential Mapping provider will load credential maps specified in a weblogic-ra.xml deployment descriptor.

It is important to understand that once information from a weblogic-ra.xml deployment descriptor file is loaded into the embedded LDAP server, the original resource adapter remains unchanged. Therefore, if you redeploy the original resource adapter (which will happen if you redeploy it through the WebLogic Server Administration Console, modify it on disk, or restart WebLogic Server), the data will once again be imported from the weblogic-ra.xml deployment descriptor file and credential mapping information may be lost.

To avoid overwriting new credential mapping information with old information in a weblogic-ra.xml deployment descriptor file, enable the Ignore Security Data in Deployment Descriptors attribute.

MBean Attribute:
RealmMBean.IgnoreDeployCredentialMapping

Changes take effect after you redeploy the module or restart the server.
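
The redeploy behaviour described for Ignore Deploy Credential Mapping, as an added example (a simplified Python model, not WebLogic code): it lists the console edits a redeploy would replace with data from weblogic-ra.xml. The adapter name, principals and usernames are constructed, and replacement of entries that share a key is an assumption of the model.

```python
# Simplified model (not WebLogic code) of the redeploy behaviour described above.
# Keys are (resource adapter, initiating principal); values are the mapped
# resource username. All names and values are constructed for illustration.

def redeploy(live_maps, dd_maps, ignore_deploy_credential_mapping=False):
    """Return the credential maps in effect after a (re)deploy.

    Assumption: when the box is unchecked, every entry in weblogic-ra.xml is
    imported again and replaces the live entry that has the same key.
    """
    result = dict(live_maps)
    if not ignore_deploy_credential_mapping:
        result.update(dd_maps)
    return result


def overwritten_by_redeploy(live_maps, dd_maps):
    """List console edits that a redeploy would replace with descriptor data."""
    return sorted(
        (key, live_maps[key], dd_value)
        for key, dd_value in dd_maps.items()
        if key in live_maps and live_maps[key] != dd_value
    )


# Constructed sample: the descriptor still names an account that was rotated.
DD_MAPS = {
    ("eis-adapter", "alice"): "legacy_svc",
    ("eis-adapter", "bob"): "report_ro",
}


def demo():
    live = redeploy({}, DD_MAPS)                     # initial deployment
    live[("eis-adapter", "alice")] = "rotated_svc"   # edited in the console
    live[("eis-adapter", "carol")] = "report_ro"     # console-only entry
    at_risk = overwritten_by_redeploy(live, DD_MAPS)
    unchecked = redeploy(live, DD_MAPS)
    checked = redeploy(live, DD_MAPS, ignore_deploy_credential_mapping=True)
    return at_risk, unchecked, checked


if __name__ == "__main__":
    at_risk, unchecked, checked = demo()
    for key, console_value, dd_value in at_risk:
        print("redeploy would revert", key, console_value, "->", dd_value)
```

Running the comparison before a redeploy shows which mappings need to be carried into the descriptor, or protected by checking the box, so that a rotated credential is not silently reverted.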

Security Model

Specifies the default security deployment model for applications deployed in this security realm. Security models apply to applications containing EJBs or WARs.

Using the Deployment Assistant in the Console, choose one of these security models:

Deployment Descriptors Only: This security model uses only roles and policies defined by a developer in the J2EE deployment descriptor (DD) and the WebLogic Server DD. Applies for the life of the deployment.

Customize Roles Only: This security model uses policies defined in the J2EE DD, and ignores any Principal mappings in the WebLogic Server DD. The administrator completes the role mappings using the Administration Console. Applies for the life of the deployment.

Customize Roles and Policies: This security model ignores any roles and policies defined in deployment descriptors. The administrator uses the Administration Console to secure the resources. Applies for the life of the deployment.

Security Realm Configuration (Advanced model): This security model lets you define a single security model for all deployments containing EJB and Web application resources at the realm level. Applies to redeployments of all applications in the realm. Prior to WebLogic Server version 9.0 this was the only security model available. Select Advanced Security if you want to continue to secure EJBs and Web Applications as in the previous release.

Refer to "Securing WebLogic Resources" for details about the security models.

MBean Attribute:
RealmMBean.SecurityDDModel

Combined Role Mapping Enabled

Specifies whether application role mappings are combined by the J2EE containers. If false, the containers need internally defined mappings to use application role mappings. The setting is provided for backward compatibility with version 8.x of WebLogic Server. For all applications initially deployed in version 9.x, the default value for this setting is true (enabled). For all applications previously deployed in version 8.1 and upgraded to version 9.x, the default value is false (disabled).

The CombinedRoleMappingEnabled setting determines how the role mappings in the Enterprise Application, Web application, and EJB containers interact. When enabled:

- Application role mappings are combined with EJB and Web application mappings such that all principal mappings are included.

- The Web application container does not assume any role mapping defined for the Enterprise Application container, but instead creates an empty role map.

- The EJB container does not assume any role mapping defined for the Enterprise or Application container, but instead creates an empty role map.

Refer to "Securing WebLogic Resources" for details.

MBean Attribute:
RealmMBean.CombinedRoleMappingEnabled
