RealmMBean


Overview  |   Related MBeans  |   Attributes  |   Operations

Overview

The MBean that represents configuration attributes for the security realm.

A security realm contains a set of security configuration settings, including the list of security providers to use (for example, for authentication and authorization).

Code using security can either use the default security realm for the domain or refer to a particular security realm by name (by using the JMX display name of the security realm).

One security realm in the WebLogic domain must have the DefaultRealm attribute set to true. The security realm with the DefaultRealm attribute set to true is used as the default security realm for the WebLogic domain. Note that other available security realms must have the DefaultRealm attribute set to false.

When WebLogic Server boots, it locates and uses the default security realm. The security realm is considered active since it is used when WebLogic Server runs. Any security realm that is not used when WebLogic Server runs is considered inactive. All active security realms must be configured before WebLogic Server is boots.

Since security providers are scoped by realm, the Realm attribute on a security provider must be set to the realm that uses the provider.

       
Fully Qualified Interface NameIf you use the getMBeanInfo operation in MBeanTypeServiceMBean, supply the following value as this MBean's fully qualified interface name:
weblogic.management.security.RealmMBean
Factory Methods
Additional Access Points In addition to accessing this MBean by invoking a factory method, you can also access this MBean from the following MBean attributes:
Deprecated Factory Methods and Access Points


    Related MBeans

    This section describes attributes that provide access to other MBeans.


    Adjudicator

    Returns the Adjudication provider for this security realm.

           
    Factory MethodscreateAdjudicator (java.lang.String type)

    destroyAdjudicator ( )

    Factory methods do not return objects.

    See Using factory methods.

    Privileges Read only
    TypeAdjudicatorMBean
    Relationship type: Containment.

    Auditors

    Returns the Auditing providers for this security realm (in invocation order).

               
    Factory MethodscreateAuditor (java.lang.String name)

    destroyAuditor (AuditorMBean auditor)

    Factory methods do not return objects.

    See Using factory methods.

    Lookup OperationlookupAuditor(String name)

    Returns a javax.management.ObjectName for the instance of AuditorMBean named name.

    Privileges Read/Write
    TypeAuditorMBean[]
    Relationship type: Containment.
    Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

    AuthenticationProviders

    Returns the Authentication providers for this security realm (in invocation order).

               
    Factory MethodscreateAuthenticationProvider (java.lang.String type)

    destroyAuthenticationProvider (AuthenticationProviderMBean authenticationProvider)

    Factory methods do not return objects.

    See Using factory methods.

    Lookup OperationlookupAuthenticationProvider(String name)

    Returns a javax.management.ObjectName for the instance of AuthenticationProviderMBean named name.

    Privileges Read/Write
    TypeAuthenticationProviderMBean[]
    Relationship type: Containment.
    Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

    Authorizers

    Returns the Authorization providers for this security realm (in invocation order).

               
    Factory MethodscreateAuthorizer (java.lang.String name)

    destroyAuthorizer (AuthorizerMBean authorizer)

    Factory methods do not return objects.

    See Using factory methods.

    Lookup OperationlookupAuthorizer(String name)

    Returns a javax.management.ObjectName for the instance of AuthorizerMBean named name.

    Privileges Read/Write
    TypeAuthorizerMBean[]
    Relationship type: Containment.
    Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

    CertPathBuilder

    Returns the CertPath Builder provider in this security realm that will be used by the security system to build certification paths. Returns null if none has been selected. The provider will be one of this security realm's CertPathProviders.

           
    Privileges Read/Write
    TypeCertPathBuilderMBean
    Relationship type: Reference.
    Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

    CertPathProviders

    Returns the Certification Path providers for this security realm (in invocation order).

               
    Factory MethodscreateCertPathProvider (java.lang.String name)

    destroyCertPathProvider (CertPathProviderMBean certPathProvider)

    Factory methods do not return objects.

    See Using factory methods.

    Lookup OperationlookupCertPathProvider(String name)

    Returns a javax.management.ObjectName for the instance of CertPathProviderMBean named name.

    Privileges Read/Write
    TypeCertPathProviderMBean[]
    Relationship type: Containment.
    Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

    CredentialMappers

    Returns the Credential Mapping providers for this security realm (in invocation order).

               
    Factory MethodscreateCredentialMapper (java.lang.String name)

    destroyCredentialMapper (CredentialMapperMBean credentialMapper)

    Factory methods do not return objects.

    See Using factory methods.

    Lookup OperationlookupCredentialMapper(String name)

    Returns a javax.management.ObjectName for the instance of CredentialMapperMBean named name.

    Privileges Read/Write
    TypeCredentialMapperMBean[]
    Relationship type: Containment.
    Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

    KeyStores

    Returns the KeyStore providers for this security realm (in invocation order).

    Deprecated. 8.1.0.0

               
    Factory MethodscreateKeyStore (java.lang.String type)

    destroyKeyStore (KeyStoreMBean keystore)

    Factory methods do not return objects.

    See Using factory methods.

    Lookup OperationlookupKeyStore(String name)

    Returns a javax.management.ObjectName for the instance of KeyStoreMBean named name.

    Privileges Read/Write
    TypeKeyStoreMBean[]
    Relationship type: Containment.
    Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

    PasswordValidators

    Returns the Password Validator providers for this security realm (in invocation order).

               
    Factory MethodscreatePasswordValidator (java.lang.Class subClass)

    destroyPasswordValidator (PasswordValidatorMBean provider)

    Factory methods do not return objects.

    See Using factory methods.

    Lookup OperationlookupPasswordValidator(String name)

    Returns a javax.management.ObjectName for the instance of PasswordValidatorMBean named name.

    Privileges Read/Write
    TypePasswordValidatorMBean[]
    Relationship type: Containment.
    Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

    RDBMSSecurityStore

    Returns RDBMSSecurityStoreMBean for this realm, which is a singleton MBean describing RDBMS security store configuration.

    For more information, see:

           
    Factory MethodscreateRDBMSSecurityStore (java.lang.String name)

    destroyRDBMSSecurityStore ( )

    Factory methods do not return objects.

    See Using factory methods.

    Privileges Read only
    TypeRDBMSSecurityStoreMBean
    Relationship type: Containment.

    RoleMappers

    Returns the Role Mapping providers for this security realm (in invocation order).

               
    Factory MethodscreateRoleMapper (java.lang.String name)

    destroyRoleMapper (RoleMapperMBean roleMapper)

    Factory methods do not return objects.

    See Using factory methods.

    Lookup OperationlookupRoleMapper(String name)

    Returns a javax.management.ObjectName for the instance of RoleMapperMBean named name.

    Privileges Read/Write
    TypeRoleMapperMBean[]
    Relationship type: Containment.
    Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

    UserLockoutManager

    Returns the User Lockout Manager for this security realm.

           
    Factory Methods No explicit creator method. The child shares the lifecycle of its parent.
    Privileges Read only
    TypeUserLockoutManagerMBean
    Relationship type: Containment.


    Attributes

    This section describes the following attributes:


    AdjudicatorTypes

    Returns the types of Adjudication providers that may be created in this security realm, for example, weblogic.security.providers.authorization.DefaultAdjudicator. Use this method to find the available types to pass to createAdjudicator

           
    Privileges Read only
    Typeclass java.lang.String[]
    Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

    AuditorTypes

    Returns the types of Auditing providers that may be created in this security realm, for example, weblogic.security.providers.audit.DefaultAuditor. Use this method to find the available types to pass to createAuditor

           
    Privileges Read only
    Typeclass java.lang.String[]
    Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

    AuthenticationProviderTypes

    Returns the types of Authentication providers that may be created in this security realm, for example, weblogic.security.providers.authentication.DefaultAuthenticator. Use this method to find the available types to pass to createAuthenticationProvider

           
    Privileges Read only
    Typeclass java.lang.String[]
    Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

    AuthMethods

    Returns a comma separated string of authentication methods that should be used when the Web application specifies "REALM" as its auth-method. The authentication methods will be applied in order in which they appear in the list.

           
    Available Since Release 9.2.0.0
    Privileges Read/Write
    Typejava.lang.String

    AuthorizerTypes

    Returns the types of Authorization providers that may be created in this security realm, for example, weblogic.security.providers.authorization.DefaultAuthorizer. Use this method to find the available types to pass to createAuthorizer

           
    Privileges Read only
    Typeclass java.lang.String[]
    Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

    CertPathProviderTypes

    Returns the types of Certification Path providers that may be created in this security realm, for example, weblogic.security.providers.pk.WebLogicCertPathProvider. Use this method to find the available types to pass to createCertPathProvider

           
    Privileges Read only
    Typeclass java.lang.String[]
    Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

    CombinedRoleMappingEnabled

    Determines how the role mappings in the Enterprise Application, Web application, and EJB containers interact. This setting is valid only for Web applications and EJBs that use the Advanced security model and that initialize roles from deployment descriptors.

    When enabled:

    When disabled:

    Note:

    For all applications previously deployed in version 8.1 and upgraded to version 9.x, the combining role mapping is disabled by default.

           
    Available Since Release 9.0.0.0
    Privileges Read/Write
    Typeboolean
    Default Valuetrue

    CredentialMapperTypes

    Returns the types of Credential Mapping providers that may be created in this security realm, for example, weblogic.security.providers.credentials.DefaultCredentialMapper. Use this method to find the available types to pass to createCredentialMapper

           
    Privileges Read only
    Typeclass java.lang.String[]
    Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

    DefaultRealm

    Returns whether this security realm is the Default realm for the WebLogic domain. Deprecated in this release of WebLogic Server and replaced by weblogic.management.configuration.SecurityConfigurationMBean.getDefaultRealm.

    Deprecated. 9.0.0.0 Replaced by SecurityConfigurationMBean#getDefaultRealm()

           
    Privileges Read/Write
    Typeboolean

    DelegateMBeanAuthorization

    Configures the WebLogic Server MBean servers to use the security realm's Authorization providers to determine whether a JMX client has permission to access an MBean attribute or invoke an MBean operation.

    You can continue to use WebLogic Server's default security settings or modify the defaults to suit your needs.

    If you do not delegate authorization to the realm's Authorization providers, the WebLogic MBean servers allow access only to the four default security roles (Admin, Deployer, Operator, and Monitor) and only as specified by WebLogic Server's default security settings.

           
    Available Since Release 9.1.0.0
    Privileges Read/Write
    Typeboolean

    DeployableProviderSynchronizationEnabled

    Specifies whether synchronization for deployable Authorization and Role Mapping providers is enabled.

    The Authorization and Role Mapping providers may or may not support parallel security policy and role modification, respectively, in the security provider database. If the security providers do not support parallel modification, the WebLogic Security Framework enforces a synchronization mechanism that results in each application and module being placed in a queue and deployed sequentially.

           
    Available Since Release 10.3
    Privileges Read/Write
    Typeboolean

    DeployableProviderSynchronizationTimeout

    Returns the timeout value, in milliseconds, for the deployable security provider synchronization operation. This value is only used if DeployableProviderSynchronizationEnabled is set to true

           
    Available Since Release 10.3
    Privileges Read/Write
    Typejava.lang.Integer
    Default Value60000

    DeployCredentialMappingIgnored

    Returns whether credential mapping deployment calls on the security system are ignored or passed to the configured Credential Mapping providers.

    Deprecated. 9.0.0.0

           
    Privileges Read/Write
    Typeboolean

    DeployPolicyIgnored

    Returns whether policy deployment calls on the security system are ignored or passed to the configured Authorization providers.

    Deprecated. 9.0.0.0

           
    Privileges Read/Write
    Typeboolean

    DeployRoleIgnored

    Returns whether role deployment calls on the security system are ignored or passed to the configured Role Mapping providers.

    Deprecated. 9.0.0.0

           
    Privileges Read/Write
    Typeboolean

    EnableWebLogicPrincipalValidatorCache

    Returns whether the WebLogic Principal Validator caching is enabled.

    The Principal Validator is used by Oracle supplied authentication providers and may be used by custom authentication providers. If enabled, the default principal validator will cache WebLogic Principal signatures.

           
    Privileges Read/Write
    Typeboolean
    Default Valuetrue

    FullyDelegateAuthorization

    Returns whether the Web and EJB containers should call the security framework on every access.

    If false the containers are free to only call the security framework when security is set in the deployment descriptors.

    Deprecated. 9.0.0.0

           
    Privileges Read/Write
    Typeboolean

    KeyStoreTypes

    Returns the types of KeyStore providers that may be created in this security realm, for example, weblogic.security.providers.pk.DefaultKeyStore. Use this method to find the available types to pass to createKeyStore

    Deprecated. 8.1.0.0

           
    Privileges Read only
    Typeclass java.lang.String[]
    Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

    MaxWebLogicPrincipalsInCache

    Returns the maximum size of the LRU cache for holding WebLogic Principal signatures. This value is only used if EnableWebLogicPrincipalValidatorCache is set to true

           
    Privileges Read/Write
    Typejava.lang.Integer
    Default Value500

    Name

    The name of this configuration. WebLogic Server uses an MBean to implement and persist the configuration.

           
    Privileges Read only
    Typejava.lang.String
    Default ValueRealm
    Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

    PasswordValidatorTypes

    Returns the types of Password Validator providers that may be created in this security realm, for example, com.bea.security.providers.authentication.passwordvalidator.SystemPasswordValidator. Use this method to find the available types to pass to createPasswordValidator

           
    Available Since Release 10.0
    Privileges Read only
    Typeclass java.lang.String[]
    Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

    RoleMapperTypes

    Returns the types of Role Mapping providers that may be created in this security realm, for example, weblogic.security.providers.authorization.DefaultRoleMapper. Use this method to find the available types to pass to createRoleMapper

           
    Privileges Read only
    Typeclass java.lang.String[]
    Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

    SecurityDDModel

    Specifies the default security model for Web applications or EJBs that are secured by this security realm. You can override this default during deployment.

    Note:

    If you deploy a module by modifying the domain's config.xml file and restarting the server, and if you do not specify a security model value for the module in config.xml, the module is secured with the default value of the AppDeploymentMBean SecurityDDModelattribute (see getSecurityDDModel ).

    Choose one of these security models:

    For more information, see:

           
    Privileges Read/Write
    Typejava.lang.String
    Default ValueDDOnly
    Legal Values
    • DDOnly
    • CustomRoles
    • CustomRolesAndPolicies
    • Advanced

    ValidateDDSecurityData

    Not used in this release.

           
    Privileges Read/Write
    Typeboolean


    Operations

    This section describes the following operations:


    isSet

    Returns true if the specified attribute has been set explicitly in this MBean instance.

       
    Operation Name"isSet"
    ParametersObject [] {  propertyName }

    where:

    • propertyName is an object of type java.lang.String that specifies:

      property to check

    SignatureString [] { "java.lang.String" }
    Returns boolean
    Exceptions
    • java.lang.IllegalArgumentException

    unSet

    Restore the given property to its default value.

       
    Operation Name"unSet"
    ParametersObject [] {  propertyName }

    where:

    • propertyName is an object of type java.lang.String that specifies:

      property to restore

    SignatureString [] { "java.lang.String" }
    Returns void
    Exceptions
    • java.lang.IllegalArgumentException
      UnsupportedOperationException if called on a runtime implementation.

    validate

    Checks that the realm is valid.

    Deprecated. 9.0.0.0 This method is no longer required since activating a configuration transaction does this check automatically on the default realm, and will not allow the configuration to be saved if the domain does not have a valid default realm configured.

       
    Operation Name"validate"
    Parametersnull
    Signaturenull
    Returns void
    Exceptions
    • weblogic.management.utils.ErrorCollectionException

    wls_getDisplayName

    Returns the display name of an MBean.

    Deprecated 9.0.0.0

       
    Operation Name"wls_getDisplayName"
    Parametersnull
    Signaturenull
    ReturnsString