weblogic.management.security
Interface RealmMBean

public interface RealmMBean

extends weblogic.management.commo.StandardInterface

The MBean that represents configuration attributes for the security realm.

A security realm contains a set of security configuration settings, including the list of security providers to use (for example, for authentication and authorization).

Code using security can either use the default security realm for the domain or refer to a particular security realm by name (by using the JMX display name of the security realm).

One security realm in the WebLogic domain must have the DefaultRealm attribute set to true. The security realm with the DefaultRealm attribute set to true is used as the default security realm for the WebLogic domain. Note that other available security realms must have the DefaultRealm attribute set to false.

When WebLogic Server boots, it locates and uses the default security realm. If an applpication specifies a different security realm, then that security realm is used instead. In either case, the security realm is considered active since it is used when WebLogic Server runs. Any security realm that is not used when WebLogic Server runs is considered inactive. All active security realms must be configured before WebLogic Server is boots.

Since security providers are scoped by realm, the Realm attribute on a security provider must be set to the realm that uses the provider.

Method Summary

AdjudicatorMBean	getAdjudicator() The Adjudication providers for the security realm in order of invocation.
AuditorMBean[]	getAuditors() The Auditing providers for the security realm in order of invocation.
AuthenticationProviderMBean[]	getAuthenticationProviders() The Authentication providers for the security realm in order of invocation.
AuthorizerMBean[]	getAuthorizers() The Authorization providers for the security realm in order of invocation.
CredentialMapperMBean[]	getCredentialMappers() The Credential Mapping providers for the security realm in order of invocation.
KeyStoreMBean[]	getKeyStores() The Keystore providers for the security realm in order of invocation.
RoleMapperMBean[]	getRoleMappers() The Role Mapping providers for the security realm in order of invocation.
UserLockoutManagerMBean	getUserLockoutManager() The user lockout manager for the security realm.
boolean	isDefaultRealm() Specifies whether or not this security realm is the Default realm for the WebLogic domain.
boolean	isDeployCredentialMappingIgnored() Specifies whether or not credential mapping calls on the Credential Manager are ignored or passed to the configured Credential Mapping provider.
boolean	isDeployPolicyIgnored() Specifies whether or not policy calls on the Authorization Manager are ignored or passed to the configured Authorization provider.
boolean	isDeployRoleIgnored() Specifies whether or not role calls on the Role Manager are ignored or passed to the configured Role Mapping provider.
boolean	isFullyDelegateAuthorization() Specifies whether or not the Web and EJB containers should call the security framework on every access.
boolean	isUseDeprecatedWebResource() Beginning in WebLogic Server 7.0 SP1 WebResources have been deprecated and will not be used.
void	setAdjudicator(AdjudicatorMBean newValue) The Adjudication providers for the security realm in order of invocation.
void	setAuditors(AuditorMBean[] newValue) The Auditing providers for the security realm in order of invocation.
void	setAuthenticationProviders(AuthenticationProviderMBean[] newValue) The Authentication providers for the security realm in order of invocation.
void	setAuthorizers(AuthorizerMBean[] newValue) The Authorization providers for the security realm in order of invocation.
void	setCredentialMappers(CredentialMapperMBean[] newValue) The Credential Mapping providers for the security realm in order of invocation.
void	setDefaultRealm(boolean newValue) Specifies whether or not this security realm is the Default realm for the WebLogic domain.
void	setDeployCredentialMappingIgnored(boolean newValue) Specifies whether or not credential mapping calls on the Credential Manager are ignored or passed to the configured Credential Mapping provider.
void	setDeployPolicyIgnored(boolean newValue) Specifies whether or not policy calls on the Authorization Manager are ignored or passed to the configured Authorization provider.
void	setDeployRoleIgnored(boolean newValue) Specifies whether or not role calls on the Role Manager are ignored or passed to the configured Role Mapping provider.
void	setFullyDelegateAuthorization(boolean newValue) Specifies whether or not the Web and EJB containers should call the security framework on every access.
void	setKeyStores(KeyStoreMBean[] newValue) The Keystore providers for the security realm in order of invocation.
void	setRoleMappers(RoleMapperMBean[] newValue) The Role Mapping providers for the security realm in order of invocation.
void	setUseDeprecatedWebResource(boolean newValue) Beginning in WebLogic Server 7.0 SP1 WebResources have been deprecated and will not be used.
void	setUserLockoutManager(UserLockoutManagerMBean newValue) The user lockout manager for the security realm.
void	validate() Checks that the realm is valid.

Methods inherited from interface weblogic.management.commo.StandardInterface

wls_getAttributeTag, wls_getConstructorTag, wls_getDisplayName, wls_getInterfaceClassName, wls_getMBeanTag, wls_getNotificationTag, wls_getObjectName, wls_getOperationTag

Method Detail

getAuthenticationProviders

public AuthenticationProviderMBean[] getAuthenticationProviders()

The Authentication providers for the security realm in order of invocation. Authentication providers can either be a WebLogic Authentication provider or a Custom Authentication provider. The active security realm must have at least one defined Authentication provider.

setAuthenticationProviders

public void setAuthenticationProviders(AuthenticationProviderMBean[] newValue)
                                throws javax.management.InvalidAttributeValueException

The Authentication providers for the security realm in order of invocation. Authentication providers can either be a WebLogic Authentication provider or a Custom Authentication provider. The active security realm must have at least one defined Authentication provider.

Parameters:

newValue - - new value for attribute AuthenticationProviders

Throws:

javax.management.InvalidAttributeValueException -

getRoleMappers

public RoleMapperMBean[] getRoleMappers()

The Role Mapping providers for the security realm in order of invocation. Role Mapping providers can either be a WebLogic Role Mapping provider or a Custom Role Mapping provider. The active security realm must have at least one defined Role Mapping provider.

setRoleMappers

public void setRoleMappers(RoleMapperMBean[] newValue)
                    throws javax.management.InvalidAttributeValueException

The Role Mapping providers for the security realm in order of invocation. Role Mapping providers can either be a WebLogic Role Mapping provider or a Custom Role Mapping provider. The active security realm must have at least one defined Role Mapping provider.

Parameters:

newValue - - new value for attribute RoleMappers

Throws:

javax.management.InvalidAttributeValueException -

getAuthorizers

public AuthorizerMBean[] getAuthorizers()

The Authorization providers for the security realm in order of invocation. Authorization providers can either be a WebLogic Authorization provider or a Custom Authorization provider. The active security realm must have at least one defined Authorization provider.

setAuthorizers

public void setAuthorizers(AuthorizerMBean[] newValue)
                    throws javax.management.InvalidAttributeValueException

The Authorization providers for the security realm in order of invocation. Authorization providers can either be a WebLogic Authorization provider or a Custom Authorization provider. The active security realm must have at least one defined Authorization provider.

Parameters:

newValue - - new value for attribute Authorizers

Throws:

javax.management.InvalidAttributeValueException -

getAdjudicator

public AdjudicatorMBean getAdjudicator()

The Adjudication providers for the security realm in order of invocation. Adjudication providers can either be a WebLogic Adjudication provider or a Custom Adjudication provider. The active security realm must have at least one defined Adjudication provider.

setAdjudicator

public void setAdjudicator(AdjudicatorMBean newValue)
                    throws javax.management.InvalidAttributeValueException

The Adjudication providers for the security realm in order of invocation. Adjudication providers can either be a WebLogic Adjudication provider or a Custom Adjudication provider. The active security realm must have at least one defined Adjudication provider.

Parameters:

newValue - - new value for attribute Adjudicator

Throws:

javax.management.InvalidAttributeValueException -

getAuditors

public AuditorMBean[] getAuditors()

The Auditing providers for the security realm in order of invocation. Auditing providers can either be a WebLogic Auditing provider or a Custom Auditing provider. The active security realm may have zero or more defined Auditing providers.

setAuditors

public void setAuditors(AuditorMBean[] newValue)
                 throws javax.management.InvalidAttributeValueException

The Auditing providers for the security realm in order of invocation. Auditing providers can either be a WebLogic Auditing provider or a Custom Auditing provider. The active security realm may have zero or more defined Auditing providers.

Parameters:

newValue - - new value for attribute Auditors

Throws:

javax.management.InvalidAttributeValueException -

getCredentialMappers

public CredentialMapperMBean[] getCredentialMappers()

The Credential Mapping providers for the security realm in order of invocation. Credential Mapping providers can either be a WebLogic Credential Mapping provider or a Custom Credential Mapping provider. The active security realm must have at least one defined Credential Mapping provider.

setCredentialMappers

public void setCredentialMappers(CredentialMapperMBean[] newValue)
                          throws javax.management.InvalidAttributeValueException

The Credential Mapping providers for the security realm in order of invocation. Credential Mapping providers can either be a WebLogic Credential Mapping provider or a Custom Credential Mapping provider. The active security realm must have at least one defined Credential Mapping provider.

Parameters:

newValue - - new value for attribute CredentialMappers

Throws:

javax.management.InvalidAttributeValueException -

getKeyStores

public KeyStoreMBean[] getKeyStores()

The Keystore providers for the security realm in order of invocation. Keystore providers can either be a WebLogic Keystore provider or a Custom Keystore provider. The active security realm may have zero or more Keystore providers. If no Keystore provider is specified, the key attributes on the deprecated SSL MBean will be used to get the pathnames to the files containing the keys.

setKeyStores

public void setKeyStores(KeyStoreMBean[] newValue)
                  throws javax.management.InvalidAttributeValueException

The Keystore providers for the security realm in order of invocation. Keystore providers can either be a WebLogic Keystore provider or a Custom Keystore provider. The active security realm may have zero or more Keystore providers. If no Keystore provider is specified, the key attributes on the deprecated SSL MBean will be used to get the pathnames to the files containing the keys.

Parameters:

newValue - - new value for attribute KeyStores

Throws:

javax.management.InvalidAttributeValueException -

getUserLockoutManager

public UserLockoutManagerMBean getUserLockoutManager()

The user lockout manager for the security realm. The active security realm must have one defined user lockout manager.

setUserLockoutManager

public void setUserLockoutManager(UserLockoutManagerMBean newValue)
                           throws javax.management.InvalidAttributeValueException

The user lockout manager for the security realm. The active security realm must have one defined user lockout manager.

Parameters:

newValue - - new value for attribute UserLockoutManager

Throws:

javax.management.InvalidAttributeValueException -

isDefaultRealm

public boolean isDefaultRealm()

Specifies whether or not this security realm is the Default realm for the WebLogic domain. Only one realm may have this attribute set to true. All other realms must have the attribute set to false.

Default Value: new java.lang.Boolean(false)

setDefaultRealm

public void setDefaultRealm(boolean newValue)
                     throws javax.management.InvalidAttributeValueException

Specifies whether or not this security realm is the Default realm for the WebLogic domain. Only one realm may have this attribute set to true. All other realms must have the attribute set to false.

Parameters:

newValue - - new value for attribute DefaultRealm

Throws:

javax.management.InvalidAttributeValueException -

isDeployRoleIgnored

public boolean isDeployRoleIgnored()

Specifies whether or not role calls on the Role Manager are ignored or passed to the configured Role Mapping provider.

Default Value: new java.lang.Boolean(false)

setDeployRoleIgnored

public void setDeployRoleIgnored(boolean newValue)
                          throws javax.management.InvalidAttributeValueException

Specifies whether or not role calls on the Role Manager are ignored or passed to the configured Role Mapping provider.

Parameters:

newValue - - new value for attribute DeployRoleIgnored

Throws:

javax.management.InvalidAttributeValueException -

isUseDeprecatedWebResource

public boolean isUseDeprecatedWebResource()

Beginning in WebLogic Server 7.0 SP1 WebResources have been deprecated and will not be used. Instead of WebResources, the more functional URLResources will be used. If this realm has an authorization provider that requires the older WebResources, set this to true.

Default Value: new java.lang.Boolean(false)

setUseDeprecatedWebResource

public void setUseDeprecatedWebResource(boolean newValue)
                                 throws javax.management.InvalidAttributeValueException

Beginning in WebLogic Server 7.0 SP1 WebResources have been deprecated and will not be used. Instead of WebResources, the more functional URLResources will be used. If this realm has an authorization provider that requires the older WebResources, set this to true.

Parameters:

newValue - - new value for attribute UseDeprecatedWebResource

Throws:

javax.management.InvalidAttributeValueException -

isDeployPolicyIgnored

public boolean isDeployPolicyIgnored()

Specifies whether or not policy calls on the Authorization Manager are ignored or passed to the configured Authorization provider.

Default Value: new java.lang.Boolean(false)

setDeployPolicyIgnored

public void setDeployPolicyIgnored(boolean newValue)
                            throws javax.management.InvalidAttributeValueException

Specifies whether or not policy calls on the Authorization Manager are ignored or passed to the configured Authorization provider.

Parameters:

newValue - - new value for attribute DeployPolicyIgnored

Throws:

javax.management.InvalidAttributeValueException -

isDeployCredentialMappingIgnored

public boolean isDeployCredentialMappingIgnored()

Specifies whether or not credential mapping calls on the Credential Manager are ignored or passed to the configured Credential Mapping provider.

Default Value: new java.lang.Boolean(false)

setDeployCredentialMappingIgnored

public void setDeployCredentialMappingIgnored(boolean newValue)
                                       throws javax.management.InvalidAttributeValueException

Specifies whether or not credential mapping calls on the Credential Manager are ignored or passed to the configured Credential Mapping provider.

Parameters:

newValue - - new value for attribute DeployCredentialMappingIgnored

Throws:

javax.management.InvalidAttributeValueException -

isFullyDelegateAuthorization

public boolean isFullyDelegateAuthorization()

Specifies whether or not the Web and EJB containers should call the security framework on every access. If false the containers are free to only call the security framework when security is set in the deployment descriptors.

Default Value: new java.lang.Boolean(false)

setFullyDelegateAuthorization

public void setFullyDelegateAuthorization(boolean newValue)
                                   throws javax.management.InvalidAttributeValueException

Specifies whether or not the Web and EJB containers should call the security framework on every access. If false the containers are free to only call the security framework when security is set in the deployment descriptors.

Parameters:

newValue - - new value for attribute FullyDelegateAuthorization

Throws:

javax.management.InvalidAttributeValueException -

validate

public void validate()
              throws ErrorCollectionException

Checks that the realm is valid. If the realm is not valid, the MBean throws an ErrorCollectionException containing a list of java.lang.Exceptions, one for each reason that the realm is not valid. The text of each exception describes the problem.

Throws:

ErrorCollectionException -