WindowsNTAuthenticatorMBean

Overview | Related MBeans | Attributes | Operations

Overview

This MBean contains configuration information for the Windows NT Authetication ProviderDeprecation of MBeanHome and Type-Safe InterfacesThis is a type-safe interface for a WebLogic Server MBean, which you can import into your client classes and access through weblogic.management.MBeanHome. As of 9.0, the MBeanHome interface and all type-safe interfaces for WebLogic Server MBeans are deprecated. Instead, client classes that interact with WebLogic Server MBeans should use standard JMX design patterns in which clients use the javax.management.MBeanServerConnection interface to discover MBeans, attributes, and attribute types at runtime. For more information, see "Developing Manageable Applications with JMX" on http://www.oracle.com/technology/documentation/index.html.

Fully Qualified Interface Name If you use the getMBeanInfo operation in MBeanTypeServiceMBean, supply the following value as this MBean's fully qualified interface name:
weblogic.security.providers.authentication.WindowsNTAuthenticatorMBean

Factory Methods No factory methods. Instances of this MBean are created automatically.

Access Points Inherited from AuthenticationProviderMBean

Because this MBean extends or implements AuthenticationProviderMBean, you can also access this MBean by retrieving AuthenticationProviderMBeans. The following attributes contain AuthenticationProviderMBeans and its subtypes:

RealmMBean.AuthenticationProviders

Related MBeans

This section describes attributes that provide access to other MBeans. For more information about the MBean hierarchy, refer to WebLogic Server MBean Data Model.

Realm

Realm

Returns the realm that contains this security provider. Returns null if this security provider is not contained by a realm.

Privileges	Read only
Type	RealmMBean
Relationship type:	Reference.

Attributes

This section describes the following attributes:

BadDomainControllerRetry
BadDomainControllerRetryInterval
ControlFlag
Description
DomainControllerList
DomainControllers
LogonType

MapNTDomainName
MapUPNNames
Name
ProviderClassName
Version

BadDomainControllerRetry

Determines how the provider reacts when a bad domain controller name is found.Possible settings:Delay indicates the domain controller can be used again only after a certain amount of time has elapsed since it was last tried unsuccessfully.Never indicates a bad domain controller is never retried.Always indicates a bad domain controller is always retried.

Privileges	Read/Write
Type	java.lang.String
Default Value	Delay
Legal Values	Delay Never Always

BadDomainControllerRetryInterval

This time to wait when a bad domain controller name is found before trying to use the domain controller again. Use if the BadDomainControllerRetry is set to Delay. This setting helps reduces performance hits when a domain controller in the list of controllers is temporarily unavailable

Privileges	Read/Write
Type	java.lang.Integer
Default Value	60000

ControlFlag

Returns how the login sequence uses the Authentication provider.

A REQUIRED value specifies this LoginModule must succeed. Even if it fails, authentication proceeds down the list of LoginModules for the configured Authentication providers. This setting is the default.

A REQUISITE value specifies this LoginModule must succeed. If other Authentication providers are configured and this LoginModule succeeds, authentication proceeds down the list of LoginModules. Otherwise, control is return to the application.

A SUFFICIENT value specifies this LoginModule need not succeed. If it does succeed, return control to the application. If it fails and other Authentication providers are configured, authentication proceeds down the LoginModule list.

An OPTIONAL value specifies this LoginModule need not succeed. Whether it succeeds or fails, authentication proceeds down the LoginModule list.

Privileges	Read/Write
Type	java.lang.String
Default Value	REQUIRED
Legal Values	REQUIRED REQUISITE SUFFICIENT OPTIONAL

Description

The Windows NT Authentication provider enables Windows NT users and groups to be used for authentication purposes.

Privileges	Read only
Type	java.lang.String
Default Value	Provider that performs Windows NT Authentication
Redeploy or Restart required	Changes take effect after you redeploy the module or restart the server.

DomainControllerList

A list of the domain controllers used for locating unscoped usernames during authentication, listing users/groups, and handling unscoped names.Use if the Domain Controllers is set to List. The specified list should contain the domain controller names in trusted domains. Placeholders are supported and will expand if specified. Supported placeholders are [Local],[LocalAndDomain], [Domain].

Privileges	Read/Write
Type	class java.lang.String[]
Default Value	[LocalAndDomain]

DomainControllers

The domain controllers used for locating unscoped usernames during authentication, listing users/groups, and handling unscoped names. Possible settings:Local--local machine only.LocalAndDomain--the local machine and the domain that the machine is a member of (if it is not standalone).Domain--the domain that the machine is a member.List--Use the domain constrollers specified in the Domain Controller List setting.

Privileges	Read/Write
Type	java.lang.String
Default Value	LocalandDomain
Legal Values	Local LocalAndDomain Domain List

LogonType

Specfies whether the logon process should use Network or Interactive logon.

Privileges	Read/Write
Type	java.lang.String
Default Value	Interactive
Legal Values	Interactive Network

MapNTDomainName

Specifies whether the Windows NT domain information should be placed into principal names during authentication.Possible settings:Never--the Windows NT domain name is not placed in the principal names.OldUPN--the Windows NT domain name is placed in the principal names as domain\name.UPN-- the Windows NT domain name is placed in the principal names as name@domain.

Privileges	Read/Write
Type	java.lang.String
Default Value	Never
Legal Values	OldUPN UPN Never

MapUPNNames

Indicates how the Windows NT Authentication provider should map UPN-style names for authentication (meaning will username@domain be used).Possible settings:First--names which match the UPN format should be treated as a UPN name first. If the name isn't a UPN name, the name will be treated as an unscoped name.Last--names which match the UPN format should be treated as a UPN name only if the name failed to be matched as an unscoped name.Always--names which match the UPN format will always be treated as a UPN name.This setting should only be used when there are no usernames with @. domain\username is not ambiguous and is always allowed.

Privileges	Read/Write
Type	java.lang.String
Default Value	First
Legal Values	First Last Always Never

Name

Privileges	Read only
Type	java.lang.String
Default Value	WindowsNTAuthenticator
Redeploy or Restart required	Changes take effect after you redeploy the module or restart the server.

ProviderClassName

The name of the Java class used to load the Windows NT Authentication provider.

Privileges	Read only
Type	java.lang.String
Default Value	weblogic.security.providers.authentication.NTAuthenticatorProviderImpl
Redeploy or Restart required	Changes take effect after you redeploy the module or restart the server.

Version

The version number of the Windows NT Authentication provider.

Privileges	Read only
Type	java.lang.String
Default Value	1.0
Redeploy or Restart required	Changes take effect after you redeploy the module or restart the server.

Operations

This section describes the following operations:

advance
close
getCurrentName
getGroupDescription
getUserDescription
groupExists
haveCurrent

isMember
listGroups
listUsers
userExists
wls_getDisplayName

advance

Advances the list to the next element in the list.

Operation Name	`"advance"`
Parameters	`Object [] { cursor }` where: `cursor` is an object of type `java.lang.String` that specifies: - The cursor returned from a previous list method.
Signature	`String [] { "java.lang.String" }`
Returns	`void`
Exceptions	`weblogic.management.utils.InvalidCursorException`

close

Indicates that the caller is finished using the list, and that the resources held on behalf of the list may be released. If the caller traverses through all the elements in the list, the caller need not call this method. In other words, it is used to let the caller close the list without reading each element that is returned.

Operation Name	`"close"`
Parameters	`Object [] { cursor }` where: `cursor` is an object of type `java.lang.String` that specifies: - The cursor returned from a previous list method.
Signature	`String [] { "java.lang.String" }`
Returns	`void`
Exceptions	`weblogic.management.utils.InvalidCursorException`

getCurrentName

The name of the current item in the list. Returns null if there is no current item.

Operation Name	`"getCurrentName"`
Parameters	`Object [] { cursor }` where: `cursor` is an object of type `java.lang.String` that specifies: - The cursor returned from a previous list method.
Signature	`String [] { "java.lang.String" }`
Returns	`String`
Exceptions	`weblogic.management.utils.InvalidCursorException`

getGroupDescription

Gets a group's description.

Operation Name	`"getGroupDescription"`
Parameters	`Object [] { groupName }` where: `groupName` is an object of type `java.lang.String` that specifies: - The name of an existing group.
Signature	`String [] { "java.lang.String" }`
Returns	`String`
Exceptions	`weblogic.management.utils.NotFoundException` `weblogic.management.utils.InvalidParameterException`

getUserDescription

Gets a user's description.

Operation Name	`"getUserDescription"`
Parameters	`Object [] { userName }` where: `userName` is an object of type `java.lang.String` that specifies: - The name of an existing user.
Signature	`String [] { "java.lang.String" }`
Returns	`String`
Exceptions	`weblogic.management.utils.NotFoundException` `weblogic.management.utils.InvalidParameterException`

groupExists

Indicates whether the specified group exists.

Operation Name	`"groupExists"`
Parameters	`Object [] { groupName }` where: `groupName` is an object of type `java.lang.String` that specifies: - The name that this method evaluates.
Signature	`String [] { "java.lang.String" }`
Returns	`boolean`
Exceptions	`weblogic.management.utils.InvalidParameterException`

haveCurrent

Returns true if there are more objects in the list, and false otherwise.

Operation Name	`"haveCurrent"`
Parameters	`Object [] { cursor }` where: `cursor` is an object of type `java.lang.String` that specifies: - The cursor returned from a previous list method.
Signature	`String [] { "java.lang.String" }`
Returns	`boolean`
Exceptions	`weblogic.management.utils.InvalidCursorException`

isMember

Indicates whether a user or group is a member of the group that you specify. A recursive search returns true if the member belongs to the group that you specify or to any of the groups contained within that group."

Operation Name	`"isMember"`
Parameters	`Object [] { parentGroupName, memberUserOrGroupName, recursive }` where: `parentGroupName` is an object of type `java.lang.String` that specifies: - The existing group within which this method searches for membership. `memberUserOrGroupName` is an object of type `java.lang.String` that specifies: - The user or group name for which this method searches. `recursive` is an object of type `java.lang.Boolean` that specifies: - If set to `true`, the criteria for membership extends to any groups within the group that is specified by `parentGroupName`. If this argument is set to `false`, then this method checks only for direct membership within the `parentGroupName`.
Signature	`String [] { "java.lang.String", "java.lang.String", "java.lang.Boolean" }`
Returns	`boolean`
Exceptions	`weblogic.management.utils.NotFoundException` `weblogic.management.utils.InvalidParameterException`

listGroups

Searches for a user name that matches a pattern.

This method returns a cursor that you can pass to the methods from weblogic.management.utils.NameListerMBean (which this MBean extends) to iterate through the returned list.

This method does not sort the results.

Operation Name	`"listGroups"`
Parameters	`Object [] { groupNameWildcard, maximumToReturn }` where: `groupNameWildcard` is an object of type `java.lang.String` that specifies: - The pattern for which this method searches. The pattern can end with an `` (asterisk) as a wildcard, which matches any string of characters. The search is not case-sensitive. For example, a pattern of `abc` matches exactly one group name that contains only `abc`, a pattern of `ab` matches all group names that start with `ab`, and a pattern of `*` matches all group names. `maximumToReturn` is an object of type `java.lang.Integer` that specifies: - The maximum number of group names that this method returns. If there are more matches than this maximum, then the returned results are arbitrary because this method does not sort results. If the parameter is set to 0 there is no maximum and all results are returned.
Signature	`String [] { "java.lang.String", "java.lang.Integer" }`
Returns	`String`
Exceptions	`weblogic.management.utils.InvalidParameterException`

listUsers

Searches for a user name that matches a pattern.

This method returns a cursor that you can pass to the methods from weblogic.management.utils.NameListerMBean (which this MBean extends) to iterate through the returned list.

This method does not sort the results.

Operation Name	`"listUsers"`
Parameters	`Object [] { userNameWildcard, maximumToReturn }` where: `userNameWildcard` is an object of type `java.lang.String` that specifies: - The pattern for which this method searches. The pattern can end with an `` (asterisk) as a wildcard, which matches any string of characters. The search is not case-sensitive. For example, a pattern of `abc` matches exactly one user name that contains only `abc`, a pattern of `ab` matches all user names that start with `ab`, and a pattern of `*` matches all user names. `maximumToReturn` is an object of type `java.lang.Integer` that specifies: - The maximum number of user names that this method returns. If there are more matches than this maximum, then the returned results are arbitrary because this method does not sort results. If the parameter is set to 0 there is no maximum and all results are returned.
Signature	`String [] { "java.lang.String", "java.lang.Integer" }`
Returns	`String`
Exceptions	`weblogic.management.utils.InvalidParameterException`

userExists

Indicates whether the specified user exists.

Operation Name	`"userExists"`
Parameters	`Object [] { userName }` where: `userName` is an object of type `java.lang.String` that specifies: - The name that this method evaluates.
Signature	`String [] { "java.lang.String" }`
Returns	`boolean`
Exceptions	`weblogic.management.utils.InvalidParameterException`

wls_getDisplayName

Operation Name	`"wls_getDisplayName"`
Parameters	`null`
Signature	`null`
Returns	`String`