DefaultIdentityAsserterMBean (BEA WebLogic Server 9.0 API Reference)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

BEA Systems, Inc.

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

Type-Safe Access to BEA WebLogic Server 9.0 MBeans (Deprecated)

(Methods marked with @since 9.0.0.0 are not available through the deprecated `MBeanHome` interface.)

weblogic.security.providers.authentication
Interface DefaultIdentityAsserterMBean

All Superinterfaces:: AuthenticationProviderMBean, weblogic.descriptor.DescriptorBean, IdentityAsserterMBean, ProviderMBean, weblogic.descriptor.SettableBean, weblogic.management.commo.StandardInterface

public interface DefaultIdentityAsserterMBean
extends weblogic.management.commo.StandardInterface, weblogic.descriptor.DescriptorBean, IdentityAsserterMBean

The MBean that represents configuration atrributes for the WebLogic Identity Assertion provider. The WebLogic Identity Assertion provider supports identity assertion using X.509 certificates and CORBA Common Secure Interoperability version 2 (CS1 v2). The class also contains attributes for the default user name mapping class plus the list of trusted client principals.Deprecation of MBeanHome and Type-Safe InterfacesThis is a type-safe interface for a WebLogic Server MBean, which you can import into your client classes and access through weblogic.management.MBeanHome. As of 9.0, the MBeanHome interface and all type-safe interfaces for WebLogic Server MBeans are deprecated. Instead, client classes that interact with WebLogic Server MBeans should use standard JMX design patterns in which clients use the javax.management.MBeanServerConnection interface to discover MBeans, attributes, and attribute types at runtime. For more information, see "Developing Manageable Applications with JMX" on http://www.oracle.com/technology/documentation/index.html.

Method Summary
`String`	`getDefaultUserNameMapperAttributeDelimiter()` The delimiter that ends the attribute value when mapping from the X.509 certificate or X.500 name token to the WebLogic user name.
`String`	`getDefaultUserNameMapperAttributeType()` The name of the attribute from the subject DN to use when mapping from the X.509 certificate or X.500 name token to the WebLogic user name.
`String`	`getDescription()` A short description of the Identity Assertion provider.
`String`	`getDigestDataSourceName()` The name of the data source to use for storage digest values.
`int`	`getDigestExpirationTimePeriod()` Determines how long digests are valid.
`String`	`getName()` The name of this configuration.
`String`	`getProviderClassName()` The name of the Java class used to load the Identity Assertion provider.
`String[]`	`getSupportedTypes()` The token types supported by the Identity Assertion provider.
`String[]`	`getTrustedClientPrincipals()` The list of trusted client principals to use in CSI v2 identity assertion.
`String`	`getUserNameMapperClassName()` The name of the Java class that maps X.509 digital certificates and X.501 distinguished names to WebLogic user names.
`String`	`getVersion()` The version number of the Identity Assertion provider.
`boolean`	`isDigestReplayDetectionEnabled()` Enables the storage of the digest nonce values used to detect replay attacks.
`boolean`	`isUseDefaultUserNameMapper()` Uses the user name mapping class provided by WebLogic Server.
`void`	`setDefaultUserNameMapperAttributeDelimiter(String newValue)` The delimiter that ends the attribute value when mapping from the X.509 certificate or X.500 name token to the WebLogic user name.
`void`	`setDefaultUserNameMapperAttributeType(String newValue)` The name of the attribute from the subject DN to use when mapping from the X.509 certificate or X.500 name token to the WebLogic user name.
`void`	`setDigestDataSourceName(String newValue)` The name of the data source to use for storage digest values.
`void`	`setDigestExpirationTimePeriod(int newValue)` Determines how long digests are valid.
`void`	`setDigestReplayDetectionEnabled(boolean newValue)` Enables the storage of the digest nonce values used to detect replay attacks.
`void`	`setTrustedClientPrincipals(String[] newValue)` The list of trusted client principals to use in CSI v2 identity assertion.
`void`	`setUseDefaultUserNameMapper(boolean newValue)` Uses the user name mapping class provided by WebLogic Server.
`void`	`setUserNameMapperClassName(String newValue)` The name of the Java class that maps X.509 digital certificates and X.501 distinguished names to WebLogic user names.

Methods inherited from interface weblogic.management.commo.StandardInterface

setName, wls_getDisplayName, wls_getInterfaceClassName, wls_getObjectName

Methods inherited from interface weblogic.descriptor.DescriptorBean

addBeanUpdateListener, addPropertyChangeListener, createChildCopy, createChildCopyIncludingObsolete, getDescriptor, getParentBean, isEditable, removeBeanUpdateListener, removePropertyChangeListener

Methods inherited from interface weblogic.descriptor.SettableBean

isSet, unSet

Methods inherited from interface weblogic.management.security.authentication.IdentityAsserterMBean

getActiveTypes, getBase64DecodingRequired, setActiveTypes, setBase64DecodingRequired

Methods inherited from interface weblogic.management.security.ProviderMBean

getRealm

Method Detail

getDefaultUserNameMapperAttributeDelimiter

public String getDefaultUserNameMapperAttributeDelimiter()

The delimiter that ends the attribute value when mapping from the X.509 certificate or X.500 name token to the WebLogic user name.

Default value:: "@"
A dynamic MBean attribute.: false

getDefaultUserNameMapperAttributeType

public String getDefaultUserNameMapperAttributeType()

The name of the attribute from the subject DN to use when mapping from the X.509 certificate or X.500 name token to the WebLogic user name.

Default value:: "E"
Legal values:: "C","CN","E","L","O","OU","S","STREET"
A dynamic MBean attribute.: false

getDescription

public String getDescription()

A short description of the Identity Assertion provider.

Specified by:: getDescription in interface ProviderMBean

Default value:: "WebLogic Identity Assertion provider"
A dynamic MBean attribute.: false
A non-configurable MBean attribute.

getDigestDataSourceName

public String getDigestDataSourceName()

The name of the data source to use for storage digest values. These digest values are used to detect replay attacks.

A dynamic MBean attribute.: false

getDigestExpirationTimePeriod

public int getDigestExpirationTimePeriod()

Determines how long digests are valid. A digest that was created before the specified time will not be valid. This setting impacts how long previous digest values must be stored in the database for use in detecting replay attacks.

Default value:: (new java.lang.Integer(300)).intValue()
A dynamic MBean attribute.: false

getName

public String getName()

Description copied from interface: ProviderMBean

The name of this configuration. WebLogic Server uses an MBean to implement and persist the configuration.

Specified by:: getName in interface weblogic.management.commo.StandardInterface

Default value:: "DefaultIdentityAsserter"
A dynamic MBean attribute.: false

getProviderClassName

public String getProviderClassName()

The name of the Java class used to load the Identity Assertion provider.

Specified by:: getProviderClassName in interface ProviderMBean

Default value:: "weblogic.security.providers.authentication.DefaultIdentityAsserterProviderImpl"
A dynamic MBean attribute.: false
A non-configurable MBean attribute.
Excluded: Should not appear in public javadocs
Internal: Should not appear in public javadocs

getSupportedTypes

public String[] getSupportedTypes()

The token types supported by the Identity Assertion provider.

Specified by:: getSupportedTypes in interface IdentityAsserterMBean

Default value:: weblogic.security.spi.IdentityAsserter.AU_TYPE,weblogic.security.spi.IdentityAsserter.X509_TYPE,weblogic.security.spi.IdentityAsserter.CSI_PRINCIPAL_TYPE,weblogic.security.spi.IdentityAsserter.CSI_ANONYMOUS_TYPE,weblogic.security.spi.IdentityAsserter.CSI_X509_CERTCHAIN_TYPE,weblogic.security.spi.IdentityAsserter.CSI_DISTINGUISHED_NAME_TYPE,weblogic.security.spi.IdentityAsserter.WSSE_PASSWORD_DIGEST_TYPE
A dynamic MBean attribute.: false
A non-configurable MBean attribute.

getTrustedClientPrincipals

public String[] getTrustedClientPrincipals()

The list of trusted client principals to use in CSI v2 identity assertion. The wildcard character (*) can be used to specify all principals are trusted. If a client is not listed as a trusted client principal, the CSIv2 identity assertion fails and the invoke is rejected.

A dynamic MBean attribute.: false

getUserNameMapperClassName

public String getUserNameMapperClassName()

The name of the Java class that maps X.509 digital certificates and X.501 distinguished names to WebLogic user names.

A dynamic MBean attribute.: false

getVersion

public String getVersion()

The version number of the Identity Assertion provider.

Specified by:: getVersion in interface ProviderMBean

Default value:: "1.0"
A dynamic MBean attribute.: false
A non-configurable MBean attribute.

isDigestReplayDetectionEnabled

public boolean isDigestReplayDetectionEnabled()

Enables the storage of the digest nonce values used to detect replay attacks. If this setting is enabled, you must configure a data source to store the nonces for the specified expiration period. WebLogic Server then stores all the nonces from digest authentication attempts for all the machines in the domain. On each digest authentication attempt, the nonce is validated against the stored nonces. If the nonce is present, a replay attack has occurred and the digest authentication attempt fails.

Default value:: (new java.lang.Boolean(false)).booleanValue()
A dynamic MBean attribute.: false

isUseDefaultUserNameMapper

public boolean isUseDefaultUserNameMapper()

Uses the user name mapping class provided by WebLogic Server. The default user name mapping class only validates that a certificate has not expired. If you require additional validation, you need to write your own user name mapping class. Writing your own user name mapping class also allows you to specify what attribute in the subject DN of the certificate is used to map to the user name.

Default value:: (new java.lang.Boolean(false)).booleanValue()
A dynamic MBean attribute.: false

setDefaultUserNameMapperAttributeDelimiter

public void setDefaultUserNameMapperAttributeDelimiter(String newValue)
                                                throws InvalidAttributeValueException