BEA Systems, Inc.

WebLogic Server 6.0sp2 API Reference

weblogic.management.configuration
Interface SSLMBean


public interface SSLMBean
extends ConfigurationMBean

This bean represents the configuration of SSL for clients

SSLServerMBean extends this bean to represent the configuration of a server.

Author:
Copyright © 2001 BEA Systems, Inc. All Rights Reserved.

Field Summary
static int PEER_VALIDATION_IGNORE
           
static int PEER_VALIDATION_REJECT
           
static int PEER_VALIDATION_WARN
           
 
Method Summary
 java.lang.String getCertAuthenticator()
          The certificate authenticator class name used to map a client certificate to a WebLogic Server user.
 int getCertificateCacheSize()
          The number of certificates held that have not been redeemed by tokens.
 java.lang.String[] getCiphersuites()
          String list of possible values: SSL_NULL_WITH_NULL_NULL, SSL_RSA_WITH_NULL_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_EXPORT_WITH_DES_40_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_EXPORT_WITH_RC4_40_MD5, SSL_DH_anon_WITH_RC4_128_MD5, SSL_DH_anon_EXPORT_WITH_DES_40_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA. If not specified, the default is SSL_RSA_EXPORT_WITH_RC4_40_MD5.
 int getExportKeyLifespan()
          Returns the lifespan of SSL server encryption key in ???
 java.lang.String getHostnameVerifier()
          The hostname verifier class name. From an SSL client, the verifier checks that the hostname from the URL is an acceptable match with the value from the common name entry in the server certificate's distinguished name.
 boolean getIgnoreHostnameVerification()
          Turn off SSL hostname verification.
 int getListenPort()
          TCP port at which the WebLogic Server listens for SSL connection requests.
 int getLoginTimeoutMillis()
          Duration allowed for a login sequence.
 int getPeerValidationEnforced()
          Check to make sure that the base URL in the CN of the certificate being sent to us matches the host name that we think we connected to.
 java.lang.String getServerCertificateChainFileName()
          Name of the file containing the server's ordered, PEM-encoded certificate chain.
 java.lang.String getServerCertificateFileName()
          File containing SSL server certificate.
 java.lang.String getServerKeyFileName()
          File containing SSL server encryption key.
 java.lang.String getTrustedCAFileName()
          Returns the name of the file containing the PEM-encoded trusted CAs.
 boolean isClientCertificateEnforced()
          If true, all clients must present certificates from the configured SSLTrustedCAFileName.
 boolean isEnabled()
          Whether or not SSL usage is enabled for the server.
 boolean isHandlerEnabled()
          Enables server-to-server SSL connections.
 boolean isKeyEncrypted()
          If true, the key is PKCS8 encrypted and requires a passphrase to be supplied to use the key.
 boolean isUseJava()
          Turn off native acceleration altogether and use pure Java SSL.
 void setCertAuthenticator(java.lang.String classname)
           
 void setCertificateCacheSize(int size)
          Set the number of certificates held that have not been redeemed by tokens.
 void setCiphersuites(java.lang.String[] ciphers)
           
 void setClientCertificateEnforced(boolean enforce)
          Set whether or not the SSL client certificate is enforced.
 void setEnabled(boolean enable)
           
 void setExportKeyLifespan(int lifespan)
          Set the lifespan of the SSL server encryption key.
 void setHandlerEnabled(boolean enable)
          Set whether or not to enable server-to-server SSL connections.
 void setHostnameVerifier(java.lang.String classname)
           
 void setIgnoreHostnameVerification(boolean ignoreFlag)
           
 void setKeyEncrypted(boolean keyIsEncrypted)
           
 void setListenPort(int port)
          Set the TCP port at which the WebLogic Server listens for SSL connection requests.
 void setLoginTimeoutMillis(int millis)
          Set the duration allowed for a login sequence.
 void setMDAcceleration(java.lang.String accel)
           
 void setPeerValidationEnforced(int checkLevel)
           
 void setRC4Acceleration(java.lang.String accel)
           
 void setRSAAcceleration(java.lang.String accel)
           
 void setServerCertificateChainFileName(java.lang.String fileName)
          Set the list of file names that contain server certificate authorities.
 void setServerCertificateFileName(java.lang.String fileName)
           
 void setServerKeyFileName(java.lang.String fileName)
          Set the file containing the SSL server encryption key.
 void setTrustedCAFileName(java.lang.String fileName)
          Sets the name of the file containing the SSL certificate authority for clients.
 void setUseJava(boolean usejava)
           
 
Methods inherited from interface weblogic.management.configuration.ConfigurationMBean
getNotes, setNotes
 
Methods inherited from interface weblogic.management.WebLogicMBean
getMBeanInfo, getName, getObjectName, getParent, getType, isCachingDisabled, isRegistered, setName, setParent
 
Methods inherited from interface javax.management.DynamicMBean
getAttribute, getAttributes, invoke, setAttribute, setAttributes
 
Methods inherited from interface javax.management.MBeanRegistration
postDeregister, postRegister, preDeregister, preRegister
 
Methods inherited from interface javax.management.NotificationBroadcaster
addNotificationListener, getNotificationInfo, removeNotificationListener
 

Field Detail

PEER_VALIDATION_IGNORE

public static final int PEER_VALIDATION_IGNORE

PEER_VALIDATION_WARN

public static final int PEER_VALIDATION_WARN

PEER_VALIDATION_REJECT

public static final int PEER_VALIDATION_REJECT
Method Detail

isUseJava

public boolean isUseJava()
Turn off native acceleration altogether and use pure Java SSL.

A configurable MBean attribute
Default Value: true
Old Property: weblogic.system.SSL.useJava

setUseJava

public void setUseJava(boolean usejava)


setMDAcceleration

public void setMDAcceleration(java.lang.String accel)
                       throws javax.management.InvalidAttributeValueException


setRC4Acceleration

public void setRC4Acceleration(java.lang.String accel)
                        throws javax.management.InvalidAttributeValueException


setRSAAcceleration

public void setRSAAcceleration(java.lang.String accel)
                        throws javax.management.InvalidAttributeValueException


isEnabled

public boolean isEnabled()
Whether or not SSL usage is enabled for the server.

Default Value: false
Old Property: weblogic.security.ssl.enable

setEnabled

public void setEnabled(boolean enable)
                throws javax.management.InvalidAttributeValueException


getCiphersuites

public java.lang.String[] getCiphersuites()
String list of possible values:

SSL_NULL_WITH_NULL_NULL
SSL_RSA_WITH_NULL_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_EXPORT_WITH_DES_40_CBC_SHA
SSL_RSA_WITH_DES_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
SSL_DH_anon_WITH_RC4_128_MD5
SSL_DH_anon_EXPORT_WITH_DES_40_CBC_SHA
SSL_DH_anon_WITH_DES_CBC_SHA
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA

If not specified, the default is SSL_RSA_EXPORT_WITH_RC4_40_MD5.
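
An added example, not part of the BEA reference: a stand-alone Java check that flags weak properties of the suite names listed above and treats an unset list as the documented default. The class name CipherSuiteAudit, the rule table and the sample array are assumptions made for illustration; the code calls no WebLogic API.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/** Added example: audits cipher suite names of the kind returned by getCiphersuites(). */
public class CipherSuiteAudit {
    // Name fragment -> why a suite containing it is weak (illustrative rule table).
    private static final Map<String, String> WEAK = new LinkedHashMap<>();
    static {
        WEAK.put("_WITH_NULL_", "no encryption");
        WEAK.put("_EXPORT_", "export-grade 40-bit key");
        WEAK.put("_DH_anon_", "anonymous key exchange, peer is not authenticated");
        WEAK.put("_DES_CBC_", "single DES, 56-bit key");
        WEAK.put("_RC4_", "RC4 stream cipher");
        WEAK.put("_MD5", "MD5-based MAC");
    }
    // Per the page, this suite applies when no list is specified.
    static final String DEFAULT_SUITE = "SSL_RSA_EXPORT_WITH_RC4_40_MD5";

    /** Returns suite name -> findings; an empty list means no rule matched. */
    static Map<String, List<String>> audit(String[] configured) {
        String[] suites = (configured == null || configured.length == 0)
                ? new String[] { DEFAULT_SUITE } : configured;
        Map<String, List<String>> report = new LinkedHashMap<>();
        for (String suite : suites) {
            List<String> findings = new ArrayList<>();
            for (Map.Entry<String, String> rule : WEAK.entrySet()) {
                if (suite.contains(rule.getKey())) {
                    findings.add(rule.getValue());
                }
            }
            report.put(suite, findings);
        }
        return report;
    }

    public static void main(String[] args) {
        // Constructed sample configuration, not taken from a real server.
        String[] sample = {
            "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
            "SSL_RSA_WITH_RC4_128_MD5",
            "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"
        };
        audit(sample).forEach((s, f) ->
                System.out.println(s + " -> " + (f.isEmpty() ? "no finding" : f)));
        // An unset attribute falls back to the export-grade default suite.
        audit(null).forEach((s, f) -> System.out.println("(unset) " + s + " -> " + f));
    }
}
```

Of the thirteen names listed, only SSL_RSA_WITH_3DES_EDE_CBC_SHA produces no finding under these rules.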


setCiphersuites

public void setCiphersuites(java.lang.String[] ciphers)
                     throws javax.management.InvalidAttributeValueException


getCertAuthenticator

public java.lang.String getCertAuthenticator()
The certificate authenticator class name used to map a client certificate to a WebLogic Server user. The weblogic.security.acl.CertAuthenticator interface provides a way to map a client certificate to a WebLogic Server user. The interface defines an authenticate() method that WebLogic Server calls after evaluating a certificate presented by a client.

Default Value: null
Old Property: weblogic.security.realm.certAuthenticator

setCertAuthenticator

public void setCertAuthenticator(java.lang.String classname)
                          throws javax.management.InvalidAttributeValueException


getHostnameVerifier

public java.lang.String getHostnameVerifier()
The hostname verifier class name. From an SSL client, the verifier checks that the hostname from the URL is an acceptable match with the value from the common name entry in the server certificate's distinguished name. This is to prevent man-in-the-middle attacks. The weblogic.security.SSL.HostnameVerifier interface provides a way to verify the URL hostname against the certificate Subject. The interface defines a verify() method that WebLogic Server calls during the SSL handshake, on the client.

Default Value: null
Old Property: weblogic.security.SSL.hostnameVerifier

setHostnameVerifier

public void setHostnameVerifier(java.lang.String classname)
                         throws javax.management.InvalidAttributeValueException


getIgnoreHostnameVerification

public boolean getIgnoreHostnameVerification()
Turn off SSL hostname verification. Doing so leaves the SSL client library open to man-in-the-middle attacks.

Default Value: false
Old Property: weblogic.security.SSL.ignoreHostnameVerification

setIgnoreHostnameVerification

public void setIgnoreHostnameVerification(boolean ignoreFlag)
                                   throws javax.management.InvalidAttributeValueException


getTrustedCAFileName

public java.lang.String getTrustedCAFileName()
Returns the name of the file containing the PEM-encoded trusted CAs.

A configurable MBean attribute
Default Value: "trusted-ca.pem"
Old Property: weblogic.security.clientRootCA

setTrustedCAFileName

public void setTrustedCAFileName(java.lang.String fileName)
                          throws javax.management.InvalidAttributeValueException
Sets the name of the file containing the SSL certificate authority for clients.


getPeerValidationEnforced

public int getPeerValidationEnforced()
Check to make sure that the base URL in the CN of the certificate being sent to us matches the host name that we think we connected to. This means that the identity in the remote certificate has to match the hostname on which the remote entity is running. Setting this to reject prevents man-in-the-middle attacks.

A configurable MBean attribute
Default Value: 0

setPeerValidationEnforced

public void setPeerValidationEnforced(int checkLevel)
                               throws javax.management.InvalidAttributeValueException


isKeyEncrypted

public boolean isKeyEncrypted()
If true, the key is PKCS8 encrypted and requires a passphrase to be supplied to use the key. If false, the key is an unencrypted private key and may be used without providing a passphrase.

A configurable MBean attribute
Default Value: false

setKeyEncrypted

public void setKeyEncrypted(boolean keyIsEncrypted)
                     throws javax.management.InvalidAttributeValueException


getExportKeyLifespan

public int getExportKeyLifespan()
Returns the lifespan of SSL server encryption key in ???

Default Value: 500
Old Property: weblogic.security.key.export.lifespan

setExportKeyLifespan

public void setExportKeyLifespan(int lifespan)
                          throws javax.management.InvalidAttributeValueException
Set the lifespan of the SSL server encryption key.

Legal Value: value >= 0 && value < 65535
Legal Minimum Value: 1
Legal Maximum Value: java.lang.Integer.MAX_VALUE

isClientCertificateEnforced

public boolean isClientCertificateEnforced()
If true, all clients must present certificates from the configured SSLTrustedCAFileName.

A configurable MBean attribute
Default Value: false
Old Property: weblogic.security.enforceClientCert

setClientCertificateEnforced

public void setClientCertificateEnforced(boolean enforce)
Set whether or not the SSL client certificate is enforced.


getServerCertificateFileName

public java.lang.String getServerCertificateFileName()
File containing SSL server certificate.

A configurable MBean attribute
Default Value: "server-cert.der"
Old Property: weblogic.security.certificate.server

setServerCertificateFileName

public void setServerCertificateFileName(java.lang.String fileName)


getListenPort

public int getListenPort()
TCP port at which the WebLogic Server listens for SSL connection requests.

A configurable MBean attribute
Default Value: 7002
Old Property: weblogic.system.SSLListenPort

setListenPort

public void setListenPort(int port)
Set the TCP port at which the WebLogic Server listens for SSL connection requests.

Legal Value: value > 0 && value < 65535
Legal Minimum Value: 1
Legal Maximum Value: java.lang.Integer.MAX_VALUE

getServerCertificateChainFileName

public java.lang.String getServerCertificateChainFileName()
Name of the file containing the server's ordered, PEM-encoded certificate chain. It should not include the server's certificate, which is stored in the file pointed to by SSLServerCertificateFileName.

A configurable MBean attribute
Default Value: "server-certchain.pem"

setServerCertificateChainFileName

public void setServerCertificateChainFileName(java.lang.String fileName)
Set the list of file names that contain server certificate authorities. This method returns an immutable list of file names.


getCertificateCacheSize

public int getCertificateCacheSize()
The number of certificates held that have not been redeemed by tokens.

A configurable MBean attribute
Default Value: 3
Old Property: weblogic.security.certificateCacheSize

setCertificateCacheSize

public void setCertificateCacheSize(int size)
Set the number of certificates held that have not been redeemed by tokens.

Legal Value: value >= 0 && value < 65535
Legal Minimum Value: 1
Legal Maximum Value: java.lang.Integer.MAX_VALUE

isHandlerEnabled

public boolean isHandlerEnabled()
Enables server-to-server SSL connections. Disable this to override automatic SSL between servers.

A configurable MBean attribute
Default Value: true
Old Property: weblogic.security.SSLHandler.enable

setHandlerEnabled

public void setHandlerEnabled(boolean enable)
Set whether or not to enable server-to-server SSL connections.


getLoginTimeoutMillis

public int getLoginTimeoutMillis()
Duration allowed for a login sequence. If the duration is exceeded, the login is timed out. 0 to disable.

A configurable MBean attribute
Default Value: 25000
Old Property: weblogic.login.readTimeoutMillisSSL

setLoginTimeoutMillis

public void setLoginTimeoutMillis(int millis)
Set the duration allowed for a login sequence.

Legal Minimum Value: 1
Legal Maximum Value: java.lang.Integer.MAX_VALUE

getServerKeyFileName

public java.lang.String getServerKeyFileName()
File containing SSL server encryption key.

A configurable MBean attribute
Default Value: "server-key.der"
Old Property: weblogic.security.key.server

setServerKeyFileName

public void setServerKeyFileName(java.lang.String fileName)
Set the file containing the SSL server encryption key.


Documentation is available at
http://download.oracle.com/docs/cd/E13222_01/wls/docs60