BEA Systems, Inc.


weblogic.management.configuration
Interface SecurityMBean


public interface SecurityMBean
extends ConfigurationMBean

Specifies the security properties of a WebLogic domain.


Field Summary
static long CACHING_STUB_SVUID
           
 
Fields inherited from class weblogic.management.configuration.ConfigurationMBean
CACHING_STUB_SVUID
 
Method Summary
 java.lang.String getAuditProviderClassName()
           
 java.lang.String getConnectionFilter()
          The name of the Java class that implements a connection filter.
 java.lang.String[] getConnectionFilterRules()
          The list of rules for the system connection filter.
 boolean getConnectionLoggerEnabled()
          Enables the logging of accepted connections.
 java.lang.String getName()
          Returns the name of the MBean.
 weblogic.management.configuration.PasswordPolicyMBean getPasswordPolicy()
          Deprecated.  
 weblogic.management.configuration.RealmMBean getRealm()
          Sets the realm policies.
 ServerSecurityRuntimeMBean getServerSecurityRuntime()
          Returns the state of security on the specified WebLogic Server.
 java.lang.String getSystemUser()
          The name of the system user.
 boolean isCompatibilityMode()
          Specifies whether migration from a WebLogic Server 6.x security configuration is enabled.
 boolean isGuestDisabled()
          Deprecated.  
 void setAuditProviderClassName(java.lang.String className)
           
 void setCompatibilityMode(boolean disable)
           
 void setConnectionFilter(java.lang.String filter)
           
 void setConnectionFilterRules(java.lang.String[] filterList)
           
 void setConnectionLoggerEnabled(boolean logging)
           
 void setGuestDisabled(boolean disable)
           
 void setName(java.lang.String name)
          Set the name of the MBean.
 void setPasswordPolicy(weblogic.management.configuration.PasswordPolicyMBean realm)
           
 void setRealm(weblogic.management.configuration.RealmMBean realm)
           
 void setRealmSetup(boolean disable)
           
 void setSystemUser(java.lang.String user)
           
 
Methods inherited from interface weblogic.management.configuration.ConfigurationMBean
addLinkMbeanAttribute, getNotes, isPersistenceEnabled, setNotes
 
Methods inherited from interface weblogic.management.WebLogicMBean
getMBeanInfo, getObjectName, getParent, getType, isCachingDisabled, isRegistered, setParent
 
Methods inherited from interface javax.management.DynamicMBean
getAttribute, getAttributes, invoke, setAttribute, setAttributes
 
Methods inherited from interface javax.management.MBeanRegistration
postDeregister, postRegister, preDeregister, preRegister
 
Methods inherited from interface javax.management.NotificationBroadcaster
addNotificationListener, getNotificationInfo, removeNotificationListener
 

Field Detail

CACHING_STUB_SVUID

public static final long CACHING_STUB_SVUID

Method Detail

setName

public void setName(java.lang.String name)
             throws javax.management.InvalidAttributeValueException
Set the name of the MBean.

Legal Value: weblogic.management.configuration.LegalHelper.securityMBeanSetNameLegalCheck(self,value);

getName

public java.lang.String getName()
Returns the name of the MBean.


getRealm

public weblogic.management.configuration.RealmMBean getRealm()
Sets the realm policies.


setRealm

public void setRealm(weblogic.management.configuration.RealmMBean realm)
              throws javax.management.InvalidAttributeValueException


getAuditProviderClassName

public java.lang.String getAuditProviderClassName()


setAuditProviderClassName

public void setAuditProviderClassName(java.lang.String className)
                               throws javax.management.InvalidAttributeValueException


isGuestDisabled

public boolean isGuestDisabled()
Deprecated.  
Specifies whether or not guest logins can be used to access WebLogic Server resources. This attribute is used in Compatibility mode.

Default Value: true

setGuestDisabled

public void setGuestDisabled(boolean disable)


getConnectionFilter

public java.lang.String getConnectionFilter()
The name of the Java class that implements a connection filter. The connection filter must be an implementation of the weblogic.security.net.ConnectionFilter interface. WebLogic Server provides a default implementation.

Default Value: null

setConnectionFilter

public void setConnectionFilter(java.lang.String filter)
                         throws javax.management.InvalidAttributeValueException


getSystemUser

public java.lang.String getSystemUser()
The name of the system user. This attribute must be specified.

Default Value: "system"
Legal NULL: false

setSystemUser

public void setSystemUser(java.lang.String user)
                   throws javax.management.InvalidAttributeValueException


getPasswordPolicy

public weblogic.management.configuration.PasswordPolicyMBean getPasswordPolicy()
Deprecated.  
Sets the password policy. This interface is used in Compatibility mode.


setPasswordPolicy

public void setPasswordPolicy(weblogic.management.configuration.PasswordPolicyMBean realm)
                       throws javax.management.InvalidAttributeValueException


getServerSecurityRuntime

public ServerSecurityRuntimeMBean getServerSecurityRuntime()
Returns the state of security on the specified WebLogic Server. Returns null if the specified server is not running.


setRealmSetup

public void setRealmSetup(boolean disable)


isCompatibilityMode

public boolean isCompatibilityMode()
Specifies whether migration from a WebLogic Server 6.x security configuration is enabled.

Default Value: false

setCompatibilityMode

public void setCompatibilityMode(boolean disable)


getConnectionFilterRules

public java.lang.String[] getConnectionFilterRules()
The list of rules for the system connection filter. If none are specified, all connections are accepted.

The syntax of the rules is as follows:

  • Each rule must be written on a single line in the source code.
  • Tokens in a rule are separated by white space.
  • A pound sign (#) is the comment character. Everything after a pound sign on a line is ignored.
  • Whitespace before or after a rule is ignored.
  • Lines consisting only of whitespace or comments are skipped.

    All rules have the following format:

    target localAddress localPort action protocols

    where

    target specifies one or more servers to filter.

    localAddress defines the host address of the server. (If you specify an asterisk (*), the match returns all local IP addresses.)

    localPort defines the port on which the server is listening. (If you specify an asterisk, the match returns all available ports on the server.)

    action specifies the action to perform. The value must be allow or deny.

    protocols is the list of protocol names to match. (One of the following protocols must be specified: http, https, t3, t3s, giop, giops, dcom, or ftp.) If no protocol is defined, all protocols will match a rule.

    Two kinds of rules are recognized:

    • A fast rule applies to a hostname or IP address with an optional netmask. If a hostname corresponds to multiple IP addresses, multiple rules are generated (in no particular order). Netmasks can be specified either in numeric or dotted-quad form. For example:

      dialup-555-1212.pa.example.net 127.0.0.1 7001 deny t3 t3s # http(s) OK
      192.168.81.0/255.255.254.0 127.0.0.1 8001 allow # 23-bit netmask
      192.168.0.0/16 127.0.0.1 8002 deny # like /255.255.0.0

      Hostnames for fast rules are looked up once at server startup. While this design greatly reduces overhead at connect time, it can result in the filter obtaining out-of-date information about what addresses correspond to a host name. BEA Systems recommends using numeric IP addresses instead.

    • A slow rule applies to part of a domain name. Since a rule requires a connect-time DNS lookup on the client-side in order to perform a match, a slow rule may be much slower than the fast rule. Slow rules are also subject to DNS spoofing. Slow rules are specified as follows:

      *.script-kiddiez.org 127.0.0.1 7001 deny

      An asterisk only matches at the head of a pattern. If you specify an asterisk anywhere else in a rule, it is treated as part of the pattern. Note that such a pattern will never match a domain name, since an asterisk is not a legal part of a domain name.

    When a client connects to WebLogic Server, these rules are evaluated in the order in which they were written. The first rule to match determines how the connection is treated. If no rules match, the connection is permitted.

    If you want to further protect your server and only allow connections from certain addresses, you can specify 0.0.0.0/0 * * deny as your last rule.

    A dynamic MBean attribute
    Default Value: null
    Legal Value: weblogic.management.configuration.SecurityLegalHelper.isLegalFilterRules(self,value);
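
The following is an added example, not BEA code: a small offline evaluator for the rule syntax described above, useful for checking what a rule list decides before it is passed to setConnectionFilterRules. The function names, the startup_dns parameter (standing in for the hostname lookup done at server startup) and the sample addresses are assumptions made for illustration.

```python
import ipaddress

PROTOCOLS = {"http", "https", "t3", "t3s", "giop", "giops", "dcom", "ftp"}

def parse_rules(lines):
    """Turn rule strings into (target, local_addr, local_port, action, protocols)."""
    rules = []
    for line in lines:
        tokens = line.split("#", 1)[0].split()  # drop comment, split on whitespace
        if not tokens:
            continue  # blank or comment-only line
        if len(tokens) < 4 or tokens[3] not in ("allow", "deny"):
            raise ValueError("malformed rule: %r" % line)
        if set(tokens[4:]) - PROTOCOLS:
            raise ValueError("unknown protocol in rule: %r" % line)
        rules.append((tokens[0], tokens[1], tokens[2], tokens[3], set(tokens[4:])))
    return rules

def target_matches(target, ip, host, startup_dns):
    """Match the client against a rule target (hypothetical helper)."""
    if target.startswith("*"):  # slow rule: suffix match on the client's DNS name
        return host is not None and host.endswith(target[1:])
    # fast rule: a hostname stands for the addresses resolved at server startup
    for net in startup_dns.get(target, [target]):
        try:
            if ipaddress.ip_address(ip) in ipaddress.ip_network(net, strict=False):
                return True
        except ValueError:
            pass  # unresolved hostname: nothing to compare by address
    return False

def evaluate(rules, ip, local_addr, local_port, protocol, host=None, startup_dns=None):
    """Return 'allow' or 'deny': the first matching rule wins, default is allow."""
    for target, r_addr, r_port, action, protocols in rules:
        if (target_matches(target, ip, host, startup_dns or {})
                and r_addr in ("*", local_addr)
                and r_port in ("*", str(local_port))
                and (not protocols or protocol in protocols)):
            return action
    return "allow"  # no rule matched: the connection is permitted

# Constructed rule sets in the page's syntax (all addresses are sample values).
OPEN_RULES = [
    "# admin subnet may use t3/t3s on the listen port",
    "192.168.81.0/255.255.254.0 * 7001 allow t3 t3s  # 23-bit netmask",
    "192.168.0.0/16 * 7001 deny t3 t3s",
]
CLOSED_RULES = OPEN_RULES + ["0.0.0.0/0 * * deny"]  # final catch-all deny
```
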

    setConnectionFilterRules

    public void setConnectionFilterRules(java.lang.String[] filterList)


    getConnectionLoggerEnabled

    public boolean getConnectionLoggerEnabled()
    Enables the logging of accepted connections. This attribute can be used by a system administrator to dynamically check the incoming connections in the log file to determine if filtering needs to be performed.

    A dynamic MBean attribute
    Default Value: false

    setConnectionLoggerEnabled

    public void setConnectionLoggerEnabled(boolean logging)
                                    throws javax.management.InvalidAttributeValueException


    Documentation is available at
    http://download.oracle.com/docs/cd/E13222_01/wls/docs70

    Copyright © 2004 BEA Systems, Inc. All Rights Reserved.
    WebLogic Server 7.0 API Reference