Type-Safe Access to BEA WebLogic Server 9.0 MBeans (Deprecated)

(Methods marked with @since 9.0.0.0 are not available through the deprecated MBeanHome interface.)

weblogic.management.configuration
Interface SecurityConfigurationMBean

All Superinterfaces:

ConfigurationMBean, weblogic.descriptor.DescriptorBean, DynamicMBean, MBeanRegistration, NotificationBroadcaster, weblogic.descriptor.SettableBean, weblogic.management.WebLogicMBean

public interface SecurityConfigurationMBean

extends ConfigurationMBean

Provides domain-wide security configuration information.

Deprecation of MBeanHome and Type-Safe Interfaces

This is a type-safe interface for a WebLogic Server MBean, which you can import into your client classes and access through weblogic.management.MBeanHome. As of 9.0, the MBeanHome interface and all type-safe interfaces for WebLogic Server MBeans are deprecated. Instead, client classes that interact with WebLogic Server MBeans should use standard JMX design patterns in which clients use the javax.management.MBeanServerConnection interface to discover MBeans, attributes, and attribute types at runtime. For more information, see "Developing Manageable Applications with JMX" on http://www.oracle.com/technology/documentation/index.html.

Since:

7.0.0.0

Copyright © 2005 BEA Systems, Inc. All Rights Reserved.

Field Summary

Fields inherited from interface weblogic.management.configuration.ConfigurationMBean

DEFAULT_EMPTY_BYTE_ARRAY

Method Summary

RealmMBean	createRealm() Creates a realm.
RealmMBean	createRealm(String name) Creates a realm.
void	destroyRealm(RealmMBean realm) Destroys a realm.
RealmMBean	findDefaultRealm() Deprecated. 9.0.0.0 Replaced by getDefaultRealm()
RealmMBean	findRealm(String realmDisplayName) Deprecated. 9.0.0.0 Replaced by lookupRealm(java.lang.String)
RealmMBean[]	findRealms() Deprecated. 9.0.0.0 Replaced by getRealms()
byte[]	generateCredential() Generates a new encrypted byte array which can be use when calling #setCredentialEncrypted
boolean	getCompatibilityConnectionFiltersEnabled() Specifies whether this WebLogic Server domain enables compatiblity with previous connection filters.
String	getConnectionFilter() The name of the Java class that implements a connection filter (that is, the weblogic.security.net.ConnectionFilter interface).
String[]	getConnectionFilterRules() The rules used by any connection filter that implements the ConnectionFilterRulesListener interface.
boolean	getConnectionLoggerEnabled() Specifies whether this WebLogic Server domain should log accepted connections.
RealmMBean	getDefaultRealm() Returns the default security realm or null if no realm has been selected as the default security realm.
boolean	getDowngradeUntrustedPrincipals() Whether or not to downgrade to anonymous principals that cannot be verified.
boolean	getEnforceStrictURLPattern() Whether or not the system should enforce strict URL pattern or not.
String	getNodeManagerPassword() The password that the Administration Server passes to a Node Manager when it instructs the Node Manager to start, stop, or restart Managed Servers.
byte[]	getNodeManagerPasswordEncrypted() The password that the Administration Server passes to a Node Manager when it instructs the Node Manager to start, stop, or restart Managed Servers.
String	getNodeManagerUsername() The user name that the Administration Server passes to a Node Manager when it instructs the Node Manager to start, stop, or restart Managed Servers.
RealmMBean[]	getRealms() Returns all the realms in the domain.
String	getWebAppFilesCaseInsensitive() This property defines the case sensitive URL-pattern matching behavior for security constraints, servlets, filters, virtual-hosts, etc.
boolean	isAnonymousAdminLookupEnabled() Returns true if anonymous JNDI access for Admin MBean home is permitted.
RealmMBean	lookupRealm(String name) Finds a realm given it's name.
void	setAnonymousAdminLookupEnabled(boolean permit) Permits anonymous JNDI access to get the Admin MBean home.
void	setCompatibilityConnectionFiltersEnabled(boolean compatibility)
void	setConnectionFilter(String filter)
void	setConnectionFilterRules(String[] filterList)
void	setConnectionLoggerEnabled(boolean logging)
void	setCredential(String credential) As of 8.1 sp4, this method does the following:
void	setCredentialEncrypted(byte[] bytes) Encrypts and sets the value of the CredentialEncrypted attribute.
void	setDefaultRealm(RealmMBean defaultRealm) Sets the default security realm.
void	setDowngradeUntrustedPrincipals(boolean downgrade)
void	setEnforceStrictURLPattern(boolean enforceStrictURLPattern)
void	setNodeManagerPassword(String password) Sets the value of the NodeManagerPassword attribute.
void	setNodeManagerPasswordEncrypted(byte[] bytes) Sets the value of the NodeManagerPassword attribute.
void	setNodeManagerUsername(String username) Sets the node manager username for the domain.
void	setWebAppFilesCaseInsensitive(String caseInsensitive) Sets the value for the WebAppFilesCaseInsensitive.

Methods inherited from interface weblogic.management.configuration.ConfigurationMBean

freezeCurrentValue, getName, getNotes, isSet, restoreDefaultValue, setComments, setDefaultedMBean, setName, setNotes, setPersistenceEnabled, unSet

Methods inherited from interface weblogic.management.WebLogicMBean

getMBeanInfo, getObjectName, getParent, getType, isCachingDisabled, isRegistered, setParent

Methods inherited from interface javax.management.DynamicMBean

getAttribute, getAttributes, invoke, setAttribute, setAttributes

Methods inherited from interface javax.management.MBeanRegistration

postDeregister, postRegister, preDeregister, preRegister

Methods inherited from interface javax.management.NotificationBroadcaster

addNotificationListener, getNotificationInfo, removeNotificationListener

Methods inherited from interface weblogic.descriptor.DescriptorBean

addBeanUpdateListener, addPropertyChangeListener, createChildCopy, createChildCopyIncludingObsolete, getDescriptor, getParentBean, isEditable, removeBeanUpdateListener, removePropertyChangeListener

Method Detail

createRealm

public RealmMBean createRealm()
                       throws JMException

Creates a realm.

Throws:

JMException

createRealm

public RealmMBean createRealm(String name)
                       throws JMException

Creates a realm.

Parameters:

name - - The name of this realm, for example, myrealm

Throws:

JMException

destroyRealm

public void destroyRealm(RealmMBean realm)

Destroys a realm. This does not destroy its providers or its user lockout manager.

findDefaultRealm

public RealmMBean findDefaultRealm()

Deprecated. 9.0.0.0 Replaced by getDefaultRealm()

Finds the default security realm. Returns null if a default security realm is not defined.

findRealm

public RealmMBean findRealm(String realmDisplayName)

Deprecated. 9.0.0.0 Replaced by lookupRealm(java.lang.String)

Finds a realm by name (that is, by the display name of the realm). Returns null no realm with that name has been defined. Throws a configuration error if there are multiple matches.

Parameters:

realmDisplayName - A String containing the realm's display name.

findRealms

public RealmMBean[] findRealms()

Deprecated. 9.0.0.0 Replaced by getRealms()

Returns all the realms in the domain.

generateCredential

public byte[] generateCredential()

Generates a new encrypted byte array which can be use when calling #setCredentialEncrypted

Returns:

a new encrypted byte array suitable for use as a domain credential.

getCompatibilityConnectionFiltersEnabled

public boolean getCompatibilityConnectionFiltersEnabled()

Specifies whether this WebLogic Server domain enables compatiblity with previous connection filters.

This attribute changes the protocols names used when filtering needs to be performed.

Since:

9.0.0.0

Default value:

false

A dynamic MBean attribute.

true

getConnectionFilter

public String getConnectionFilter()

The name of the Java class that implements a connection filter (that is, the weblogic.security.net.ConnectionFilter interface). If no class name is specified, no connection filter will be used.

This attribute replaces the deprecated ConnectionFilter attribute on the SecurityMBean.

Since:

9.0.0.0

Default value:

null

A dynamic MBean attribute.

false

getConnectionFilterRules

public String[] getConnectionFilterRules()

The rules used by any connection filter that implements the ConnectionFilterRulesListener interface. When using the default implementation and when no rules are specified, all connections are accepted. The default implementation rules are in the format: target localAddress localPort action protocols.

This attribute replaces the deprecated ConnectionFilterRules attribute on the SecurityMBean.

Since:

9.0.0.0

Default value:

null

A dynamic MBean attribute.

true

getConnectionLoggerEnabled

public boolean getConnectionLoggerEnabled()

Specifies whether this WebLogic Server domain should log accepted connections.

This attribute can be used by a system administrator to dynamically check the incoming connections in the log file to determine if filtering needs to be performed.

This attribute replaces the deprecated ConnectionLoggerEnabled attribute on the SecurityMBean.

Since:

9.0.0.0

Default value:

false

A dynamic MBean attribute.

true

getDefaultRealm

public RealmMBean getDefaultRealm()

Returns the default security realm or null if no realm has been selected as the default security realm.

A dynamic MBean attribute.

false

getDowngradeUntrustedPrincipals

public boolean getDowngradeUntrustedPrincipals()

Whether or not to downgrade to anonymous principals that cannot be verified. This is useful for server-server communication between untrusted domains.

Returns:

the DowngradeUntrustedPrincipals value

Since:

9.0.0.0

Default value:

false

A dynamic MBean attribute.

false

getEnforceStrictURLPattern

public boolean getEnforceStrictURLPattern()

Whether or not the system should enforce strict URL pattern or not.

Returns:

the EnforceStrictURLPattern value

Since:

9.0.0.0

Default value:

true

A dynamic MBean attribute.

false

getNodeManagerPassword

public String getNodeManagerPassword()

The password that the Administration Server passes to a Node Manager when it instructs the Node Manager to start, stop, or restart Managed Servers.

When you get the value of this attribute, WebLogic Server does the following:

1. Retrieves the value of the NodeManagerPasswordEncrypted attribute.
2. Decrypts the value and returns the unencrypted password as a String.

When you set the value of this attribute, WebLogic Server does the following:

1. Encrypts the value.
2. Sets the value of the NodeManagerPasswordEncrypted attribute to the encrypted value.

Using this attribute (NodeManagerPassword) is a potential security risk because the String object (which contains the unencrypted password) remains in the JVM's memory until garbage collection removes it. Depending on how memory is allocated in the JVM, a significant amount of time could pass before this unencrypted data is removed from memory.

Instead of using this attribute, use NodeManagerPasswordEncrypted.

Returns:

the password value

Since:

9.0.0.0

See Also:

getNodeManagerPasswordEncrypted()

getNodeManagerPasswordEncrypted

public byte[] getNodeManagerPasswordEncrypted()

The password that the Administration Server passes to a Node Manager when it instructs the Node Manager to start, stop, or restart Managed Servers.

To set this attribute, pass an unencrypted string to the MBean server's setAttribute method. WebLogic Server encrypts the value and sets the attribute to the encrypted value.

To compare a password that a user enters with the encrypted value of this attribute, go to the same WebLogic Server instance that you used to set and encrypt this attribute and use weblogic.management.EncryptionHelper.encrypt() to encrypt the user-supplied password. Then compare the encrypted values.

Returns:

the password value

Since:

9.0.0.0

See Also:

weblogic.management.EncryptionHelper

Default value:

"".getBytes()

A dynamic MBean attribute.

true

getNodeManagerUsername

public String getNodeManagerUsername()

The user name that the Administration Server passes to a Node Manager when it instructs the Node Manager to start, stop, or restart Managed Servers.

When you enable Node Manager to control a domain, you specify the name of a user who has Operator privileges. This is the user name that you must specify for this (NodeManagerUsername) attribute.

Returns:

the username value

Since:

9.0.0.0

Default value:

""

A dynamic MBean attribute.

true

getRealms

public RealmMBean[] getRealms()

Returns all the realms in the domain.

A dynamic MBean attribute.

false

getWebAppFilesCaseInsensitive

public String getWebAppFilesCaseInsensitive()

This property defines the case sensitive URL-pattern matching behavior for security constraints, servlets, filters, virtual-hosts, etc. in the WebApp container and external security policies. When the value is set to "os", the pattern matching will be case- sensitive on all platforms except the Windows file system. Note that on non-Windows file systems, WebLogic doesn't enforce case sensitivity and relies on the file system for optimization. Therefore, if you have a Windows Samba mount from UNIX or Mac OS that has been installed in case-insensitive mode, there is a chance of security risk. In that case, please specify case-insensitive lookups by setting this attribute to true. Note that this property is used to preserve backward compatibility on Windows file systems. In prior releases, WebLogic was case- insensitive on Windows. Starting with 9.0 release the URL-pattern matching will be strictly enforced. During the upgrade of older domains the value of this parameter is explicitly set to "os" by the upgrade plug-in, in order to preserve backward compatibility.

Default value:

"false"

Legal values:

"os", "true", "false"

A dynamic MBean attribute.

false

isAnonymousAdminLookupEnabled

public boolean isAnonymousAdminLookupEnabled()

Returns true if anonymous JNDI access for Admin MBean home is permitted. This is overridden by the Java property -Dweblogic.management.anonymousAdminLookupEnabled.

Returns:

true if anonymous access is allowed, false otherwise

Default value:

false

A dynamic MBean attribute.

false

lookupRealm

public RealmMBean lookupRealm(String name)

Finds a realm given it's name. The name is often its JMX object name (e.g. Security:Name=myrealm)

setAnonymousAdminLookupEnabled

public void setAnonymousAdminLookupEnabled(boolean permit)

Permits anonymous JNDI access to get the Admin MBean home.

Parameters:

permit - The new value.

See Also:

isAnonymousAdminLookupEnabled()

setCompatibilityConnectionFiltersEnabled

public void setCompatibilityConnectionFiltersEnabled(boolean compatibility)
                                              throws InvalidAttributeValueException

Throws:

InvalidAttributeValueException

setConnectionFilter

public void setConnectionFilter(String filter)
                         throws InvalidAttributeValueException

Throws:

InvalidAttributeValueException

setConnectionFilterRules

public void setConnectionFilterRules(String[] filterList)

setConnectionLoggerEnabled

public void setConnectionLoggerEnabled(boolean logging)
                                throws InvalidAttributeValueException

Throws:

InvalidAttributeValueException

setCredential

public void setCredential(String credential)
                   throws InvalidAttributeValueException

As of 8.1 sp4, this method does the following:

1. Encrypts the parameter value.
2. Sets the value of the CredentialEncrypted attribute to the encrypted parameter value.

Parameters:

credential - The new credential value

Throws:

InvalidAttributeValueException

See Also:

getCredential(), setCredentialEncrypted(byte[] bytes)

setCredentialEncrypted

public void setCredentialEncrypted(byte[] bytes)
                            throws InvalidAttributeValueException

Encrypts and sets the value of the CredentialEncrypted attribute.

Parameters:

bytes - The new credential value as a byte array.

Throws:

InvalidAttributeValueException

See Also:

getCredentialEncrypted()

setDefaultRealm

public void setDefaultRealm(RealmMBean defaultRealm)
                     throws InvalidAttributeValueException

Sets the default security realm.

Throws:

InvalidAttributeValueException

setDowngradeUntrustedPrincipals

public void setDowngradeUntrustedPrincipals(boolean downgrade)

Parameters:

downgrade - the new DowngradeUntrustedPrincipals value

See Also:

getDowngradeUntrustedPrincipals()

setEnforceStrictURLPattern

public void setEnforceStrictURLPattern(boolean enforceStrictURLPattern)

Parameters:

enforceStrictURLPattern - the new EnforceStrictURLPattern value

See Also:

getEnforceStrictURLPattern()

setNodeManagerPassword

public void setNodeManagerPassword(String password)

Sets the value of the NodeManagerPassword attribute.

Parameters:

password - the new password value

Since:

9.0.0.0

See Also:

getNodeManagerPassword(), setNodeManagerPasswordEncrypted(byte[])

setNodeManagerPasswordEncrypted

public void setNodeManagerPasswordEncrypted(byte[] bytes)

Sets the value of the NodeManagerPassword attribute.

Since:

9.0.0.0

See Also:

#getNodeManagerPasswordEncrytped()

setNodeManagerUsername

public void setNodeManagerUsername(String username)

Sets the node manager username for the domain.

Parameters:

username - the new username value

Since:

9.0.0.0

See Also:

getNodeManagerUsername()

setWebAppFilesCaseInsensitive

public void setWebAppFilesCaseInsensitive(String caseInsensitive)
                                   throws InvalidAttributeValueException

Sets the value for the WebAppFilesCaseInsensitive.

Parameters:

caseInsensitive - The new value caseInsensitive.

Throws:

InvalidAttributeValueException

See Also:

getWebAppFilesCaseInsensitive()