RealmMBean


Overview  |   Related MBeans  |   Attributes  |   Operations

Overview

The MBean that represents configuration attributes for the security realm.

A security realm contains a set of security configuration settings, including the list of security providers to use (for example, for authentication and authorization).

Code using security can either use the default security realm for the domain or refer to a particular security realm by name (by using the JMX display name of the security realm).

One security realm in the WebLogic domain must have the DefaultRealm attribute set to true. The security realm with the DefaultRealm attribute set to true is used as the default security realm for the WebLogic domain. Note that other available security realms must have the DefaultRealm attribute set to false.

When WebLogic Server boots, it locates and uses the default security realm. The security realm is considered active since it is used when WebLogic Server runs. Any security realm that is not used when WebLogic Server runs is considered inactive. All active security realms must be configured before WebLogic Server is boots.

Since security providers are scoped by realm, the Realm attribute on a security provider must be set to the realm that uses the provider.

   
Fully Qualified Interface NameIf you use the getMBeanInfo operation in MBeanTypeServiceMBean, supply the following value as this MBean's fully qualified interface name:
weblogic.management.security.RealmMBean
Factory Methods No factory methods. Instances of this MBean are created automatically.


Related MBeans

This section describes attributes that provide access to other MBeans.


Adjudicator

Returns the Adjudication provider for this security realm.

       
Factory MethodscreateAdjudicator (java.lang.String type)

destroyAdjudicator ( )

Factory methods do not return objects.

See Using factory methods.

Privileges Read only
TypeAdjudicatorMBean
Relationship type: Containment.

Auditors

Returns the Auditing providers for this security realm (in invocation order).

           
Factory MethodscreateAuditor (java.lang.String name)

destroyAuditor (AuditorMBean auditor)

Factory methods do not return objects.

See Using factory methods.

Lookup OperationlookupAuditor(String name)

Returns a javax.management.ObjectName for the instance of AuditorMBean named name.

Privileges Read/Write
TypeAuditorMBean[]
Relationship type: Containment.
Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

AuthenticationProviders

Returns the Authentication providers for this security realm (in invocation order).

           
Factory MethodscreateAuthenticationProvider (java.lang.String type)

destroyAuthenticationProvider (AuthenticationProviderMBean authenticationProvider)

Factory methods do not return objects.

See Using factory methods.

Lookup OperationlookupAuthenticationProvider(String name)

Returns a javax.management.ObjectName for the instance of AuthenticationProviderMBean named name.

Privileges Read/Write
TypeAuthenticationProviderMBean[]
Relationship type: Containment.
Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

Authorizers

Returns the Authorization providers for this security realm (in invocation order).

           
Factory MethodscreateAuthorizer (java.lang.String name)

destroyAuthorizer (AuthorizerMBean authorizer)

Factory methods do not return objects.

See Using factory methods.

Lookup OperationlookupAuthorizer(String name)

Returns a javax.management.ObjectName for the instance of AuthorizerMBean named name.

Privileges Read/Write
TypeAuthorizerMBean[]
Relationship type: Containment.
Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

CertPathBuilder

Returns the CertPath Builder provider in this security realm that will be used by the security system to build certification paths. Returns null if none has been selected. The provider will be one of this security realm's CertPathProviders.

       
Privileges Read/Write
TypeCertPathBuilderMBean
Relationship type: Reference.
Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

CertPathProviders

Returns the Certification Path providers for this security realm (in invocation order).

           
Factory MethodscreateCertPathProvider (java.lang.String name)

destroyCertPathProvider (CertPathProviderMBean certPathProvider)

Factory methods do not return objects.

See Using factory methods.

Lookup OperationlookupCertPathProvider(String name)

Returns a javax.management.ObjectName for the instance of CertPathProviderMBean named name.

Privileges Read/Write
TypeCertPathProviderMBean[]
Relationship type: Containment.
Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

CredentialMappers

Returns the Credential Mapping providers for this security realm (in invocation order).

           
Factory MethodscreateCredentialMapper (java.lang.String name)

destroyCredentialMapper (CredentialMapperMBean credentialMapper)

Factory methods do not return objects.

See Using factory methods.

Lookup OperationlookupCredentialMapper(String name)

Returns a javax.management.ObjectName for the instance of CredentialMapperMBean named name.

Privileges Read/Write
TypeCredentialMapperMBean[]
Relationship type: Containment.
Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

KeyStores

Returns the KeyStore providers for this security realm (in invocation order).

Deprecated. 8.1.0.0

           
Factory MethodscreateKeyStore (java.lang.String type)

destroyKeyStore (KeyStoreMBean keystore)

Factory methods do not return objects.

See Using factory methods.

Lookup OperationlookupKeyStore(String name)

Returns a javax.management.ObjectName for the instance of KeyStoreMBean named name.

Privileges Read/Write
TypeKeyStoreMBean[]
Relationship type: Containment.
Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

PasswordValidators

Returns the Password Validator providers for this security realm (in invocation order).

           
Factory MethodscreatePasswordValidator (java.lang.Class subClass)

destroyPasswordValidator (PasswordValidatorMBean provider)

Factory methods do not return objects.

See Using factory methods.

Lookup OperationlookupPasswordValidator(String name)

Returns a javax.management.ObjectName for the instance of PasswordValidatorMBean named name.

Privileges Read/Write
TypePasswordValidatorMBean[]
Relationship type: Containment.
Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

RDBMSSecurityStore

Returns RDBMSSecurityStoreMBean for this realm, which is a singleton MBean describing RDBMS security store configuration.

For more information, see:

       
Factory MethodscreateRDBMSSecurityStore (java.lang.String name)

destroyRDBMSSecurityStore ( )

Factory methods do not return objects.

See Using factory methods.

Privileges Read only
TypeRDBMSSecurityStoreMBean
Relationship type: Containment.

RoleMappers

Returns the Role Mapping providers for this security realm (in invocation order).

           
Factory MethodscreateRoleMapper (java.lang.String name)

destroyRoleMapper (RoleMapperMBean roleMapper)

Factory methods do not return objects.

See Using factory methods.

Lookup OperationlookupRoleMapper(String name)

Returns a javax.management.ObjectName for the instance of RoleMapperMBean named name.

Privileges Read/Write
TypeRoleMapperMBean[]
Relationship type: Containment.
Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

UserLockoutManager

Returns the User Lockout Manager for this security realm.

       
Factory Methods No explicit creator method. The child shares the lifecycle of its parent.
Privileges Read only
TypeUserLockoutManagerMBean
Relationship type: Containment.


Attributes

This section describes the following attributes:


AdjudicatorTypes

Returns the types of Adjudication providers that may be created in this security realm, for example, weblogic.security.providers.authorization.DefaultAdjudicator. Use this method to find the available types to pass to createAdjudicator

       
Privileges Read only
Typeclass java.lang.String[]
Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

AuditorTypes

Returns the types of Auditing providers that may be created in this security realm, for example, weblogic.security.providers.audit.DefaultAuditor. Use this method to find the available types to pass to createAuditor

       
Privileges Read only
Typeclass java.lang.String[]
Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

AuthenticationProviderTypes

Returns the types of Authentication providers that may be created in this security realm, for example, weblogic.security.providers.authentication.DefaultAuthenticator. Use this method to find the available types to pass to createAuthenticationProvider

       
Privileges Read only
Typeclass java.lang.String[]
Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

AuthMethods

Returns a comma separated string of authentication methods that should be used when the Web application specifies "REALM" as its auth-method. The authentication methods will be applied in order in which they appear in the list.

       
Available Since Release 9.2.0.0
Privileges Read/Write
Typejava.lang.String

AuthorizerTypes

Returns the types of Authorization providers that may be created in this security realm, for example, weblogic.security.providers.authorization.DefaultAuthorizer. Use this method to find the available types to pass to createAuthorizer

       
Privileges Read only
Typeclass java.lang.String[]
Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

CertPathProviderTypes

Returns the types of Certification Path providers that may be created in this security realm, for example, weblogic.security.providers.pk.WebLogicCertPathProvider. Use this method to find the available types to pass to createCertPathProvider

       
Privileges Read only
Typeclass java.lang.String[]
Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

CombinedRoleMappingEnabled

Determines how the role mappings in the Enterprise Application, Web application, and EJB containers interact. This setting is valid only for Web applications and EJBs that use the Advanced security model and that initialize roles from deployment descriptors.

When enabled:

When disabled:

Note:

For all applications previously deployed in version 8.1 and upgraded to version 9.x, the combining role mapping is disabled by default.

       
Available Since Release 9.0.0.0
Privileges Read/Write
Typeboolean
Default Valuetrue

CredentialMapperTypes

Returns the types of Credential Mapping providers that may be created in this security realm, for example, weblogic.security.providers.credentials.DefaultCredentialMapper. Use this method to find the available types to pass to createCredentialMapper

       
Privileges Read only
Typeclass java.lang.String[]
Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

DefaultRealm

Returns whether this security realm is the Default realm for the WebLogic domain. Deprecated in this release of WebLogic Server and replaced by weblogic.management.configuration.SecurityConfigurationMBean.getDefaultRealm.

Deprecated. 9.0.0.0 Replaced by SecurityConfigurationMBean#getDefaultRealm()

       
Privileges Read/Write
Typeboolean

DelegateMBeanAuthorization

Configures the WebLogic Server MBean servers to use the security realm's Authorization providers to determine whether a JMX client has permission to access an MBean attribute or invoke an MBean operation.

You can continue to use WebLogic Server's default security settings or modify the defaults to suit your needs.

If you do not delegate authorization to the realm's Authorization providers, the WebLogic MBean servers allow access only to the four default security roles (Admin, Deployer, Operator, and Monitor) and only as specified by WebLogic Server's default security settings.

For more information, see:

       
Available Since Release 9.1.0.0
Privileges Read/Write
Typeboolean

DeployCredentialMappingIgnored

Returns whether credential mapping deployment calls on the security system are ignored or passed to the configured Credential Mapping providers.

Deprecated. 9.0.0.0

       
Privileges Read/Write
Typeboolean

DeployPolicyIgnored

Returns whether policy deployment calls on the security system are ignored or passed to the configured Authorization providers.

Deprecated. 9.0.0.0

       
Privileges Read/Write
Typeboolean

DeployRoleIgnored

Returns whether role deployment calls on the security system are ignored or passed to the configured Role Mapping providers.

Deprecated. 9.0.0.0

       
Privileges Read/Write
Typeboolean

EnableWebLogicPrincipalValidatorCache

Returns whether the WebLogic Principal Validator caching is enabled.

The Principal Validator is used by BEA supplied authentication providers and may be used by custom authentication providers. If enabled, the default principal validator will cache WebLogic Principal signatures.

       
Privileges Read/Write
Typeboolean
Default Valuetrue

FullyDelegateAuthorization

Returns whether the Web and EJB containers should call the security framework on every access.

If false the containers are free to only call the security framework when security is set in the deployment descriptors.

Deprecated. 9.0.0.0

       
Privileges Read/Write
Typeboolean

KeyStoreTypes

Returns the types of KeyStore providers that may be created in this security realm, for example, weblogic.security.providers.pk.DefaultKeyStore. Use this method to find the available types to pass to createKeyStore

Deprecated. 8.1.0.0

       
Privileges Read only
Typeclass java.lang.String[]
Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

MaxWebLogicPrincipalsInCache

Returns the maximum size of the LRU cache for holding WebLogic Principal signatures. This value is only used if EnableWebLogicPrincipalValidatorCache is set to true

       
Privileges Read/Write
Typejava.lang.Integer
Default Value500

Name

The name of this configuration. WebLogic Server uses an MBean to implement and persist the configuration.

       
Privileges Read only
Typejava.lang.String
Default ValueRealm
Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

PasswordValidatorTypes

Returns the types of Password Validator providers that may be created in this security realm, for example, com.bea.security.providers.authentication.passwordvalidator.SystemPasswordValidator. Use this method to find the available types to pass to createPasswordValidator

       
Available Since Release 10.0
Privileges Read only
Typeclass java.lang.String[]
Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

RoleMapperTypes

Returns the types of Role Mapping providers that may be created in this security realm, for example, weblogic.security.providers.authorization.DefaultRoleMapper. Use this method to find the available types to pass to createRoleMapper

       
Privileges Read only
Typeclass java.lang.String[]
Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

SecurityDDModel

Specifies the default security model for Web applications or EJBs that are secured by this security realm. You can override this default during deployment.

Note:

If you deploy a module by modifying the domain's config.xml file and restarting the server, and if you do not specify a security model value for the module in config.xml, the module is secured with the default value of the AppDeploymentMBean SecurityDDModelattribute (see AppDeploymentMBean SecurityDDModel ).

Choose one of these security models:

For more information, see:

       
Privileges Read/Write
Typejava.lang.String
Default ValueDDOnly
Legal Values
  • DDOnly
  • CustomRoles
  • CustomRolesAndPolicies
  • Advanced

ValidateDDSecurityData

Not used in this release.

       
Privileges Read/Write
Typeboolean


Operations

This section describes the following operations:


isSet

Returns true if the specified attribute has been set explicitly in this MBean instance.

   
Operation Name"isSet"
ParametersObject [] {  propertyName }

where:

  • propertyName is an object of type java.lang.String that specifies:

    property to check

SignatureString [] { "java.lang.String" }
Returns boolean
Exceptions
  • java.lang.IllegalArgumentException

unSet

Restore the given property to its default value.

   
Operation Name"unSet"
ParametersObject [] {  propertyName }

where:

  • propertyName is an object of type java.lang.String that specifies:

    property to restore

SignatureString [] { "java.lang.String" }
Returns void
Exceptions
  • java.lang.IllegalArgumentException
    UnsupportedOperationException if called on a runtime implementation.

validate

Checks that the realm is valid.

Deprecated. 9.0.0.0 This method is no longer required since activating a configuration transaction does this check automatically on the default realm, and will not allow the configuration to be saved if the domain does not have a valid default realm configured.

   
Operation Name"validate"
Parametersnull
Signaturenull
Returns void
Exceptions
  • weblogic.management.utils.ErrorCollectionException

wls_getDisplayName

Returns the display name of an MBean.

Deprecated 9.0.0.0

   
Operation Name"wls_getDisplayName"
Parametersnull
Signaturenull
ReturnsString