|
BEA Systems, Inc. | ||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
This MBean represents the configuration of the SSL protocol for version 6.x and version 7.0 WebLogic Server deployments.
Field Summary | |
static long |
CACHING_STUB_SVUID
|
static java.lang.String |
IDENTITY_AND_TRUST_LOCATIONS_FILES_OR_KEYSTORE_PROVIDERS
|
static java.lang.String |
IDENTITY_AND_TRUST_LOCATIONS_KEYSTORES
|
Fields inherited from class weblogic.management.configuration.ConfigurationMBean |
CACHING_STUB_SVUID,
DEFAULT_EMPTY_BYTE_ARRAY |
Method Summary | |
java.lang.String |
getCertAuthenticator()
The name of the Java class that implements the weblogic.security.acl.CertAuthenticator class. |
int |
getCertificateCacheSize()
The number of certificates held that have not been redeemed by tokens. |
java.lang.String[] |
getCiphersuites()
Specifies the cipher suites being used on a particular WebLogic Server. |
int |
getExportKeyLifespan()
Specifies the number of times WebLogic Server can use an exportable key between a domestic server and an exportable client before generating a new key. |
java.lang.String |
getHostnameVerifier()
The name of the class that implements the weblogic.security.SSL.HostnameVerifier class. |
java.lang.String |
getIdentityAndTrustLocations()
Indicates where SSL should find the server's identity (certificate and private key) as well as the server's trust (trusted CAs). |
int |
getListenPort()
The TCP/IP port at which the WebLogic Server listens for SSL connection requests. |
int |
getLoginTimeoutMillis()
Specifies the number of milliseconds that WebLogic Server waits for an SSL connection before timing out. |
int |
getPeerValidationEnforced()
Deprecated. As of WLS 6.1, this is an unused attribute |
java.lang.String |
getServerCertificateChainFileName()
Deprecated. Deprecated in WebLogic Server version 7.0. |
java.lang.String |
getServerCertificateFileName()
Deprecated. as of 8.1, server certificates (and chains) should be stored in keystores. |
java.lang.String |
getServerKeyFileName()
Deprecated. as of 8.1, private keys should be stored in keystores. |
java.lang.String |
getServerPrivateKeyAlias()
The string alias used to store and retrieve the server's private key in the keystore. |
java.lang.String |
getServerPrivateKeyPassPhrase()
The passphrase used to retrieve the server's private key from the keystore. |
byte[] |
getServerPrivateKeyPassPhraseEncrypted()
The encrypted passphrase used to retrieve the server's private key from the keystore. |
java.lang.String |
getTrustedCAFileName()
Deprecated. as of 8.1, trusted CAs should be stored in keystores. |
boolean |
isClientCertificateEnforced()
Defines whether or not clients must present digital certificates from a trusted certificate authority to WebLogic Server. |
boolean |
isEnabled()
Indicates whether the SSL port in the SSLMBean is enabled. |
boolean |
isHandlerEnabled()
Not used. |
boolean |
isHostnameVerificationIgnored()
Indicates whether the installed implementation of the weblogic.security.SSL.HostnameVerifier class is enabled. |
boolean |
isKeyEncrypted()
This attribute is no longer used as of WLS 7.0. |
boolean |
isSSLRejectionLoggingEnabled()
This setting controls whether logging is done when a connection over SSL is rejected. |
boolean |
isTwoWaySSLEnabled()
Is two way SSL enabled? |
boolean |
isUseJava()
Enables the use of native Java libraries. |
void |
setCertAuthenticator(java.lang.String classname)
Sets the certAuthenticator attribute of the SSLMBean object |
void |
setCertificateCacheSize(int size)
Set the number of certificates held that have not been redeemed by tokens. |
void |
setCiphersuites(java.lang.String[] ciphers)
Sets the ciphersuites attribute of the SSLMBean object |
void |
setClientCertificateEnforced(boolean enforce)
Defines whether or not clients must present digital certificates from a trusted certificate authority to WebLogic Server. |
void |
setEnabled(boolean enable)
|
void |
setExportKeyLifespan(int lifespan)
Set the lifespan of the SSL server encryption key. |
void |
setHandlerEnabled(boolean enable)
Not used. |
void |
setHostnameVerificationIgnored(boolean ignoreFlag)
Sets the hostnameVerificationIgnored attribute of the SSLMBean object |
void |
setHostnameVerifier(java.lang.String classname)
Sets the hostnameVerifier attribute of the SSLMBean object |
void |
setIdentityAndTrustLocations(java.lang.String locations)
Sets the identityAndTrustLocations attribute of the SSLMBean object |
void |
setKeyEncrypted(boolean keyIsEncrypted)
This attribute is no longer used as of WLS 7.0. |
void |
setListenPort(int port)
Set the TCP/IP port at which the WebLogic Server listens for SSL connection requests. |
void |
setLoginTimeoutMillis(int millis)
Sets the number of milliseconds that WebLogic Server waits for an SSL connection before timing out. |
void |
setMDAcceleration(java.lang.String accel)
Sets the mDAcceleration attribute of the SSLMBean object |
void |
setPeerValidationEnforced(int checkLevel)
Sets the peerValidationEnforced attribute of the SSLMBean object |
void |
setRC4Acceleration(java.lang.String accel)
Sets the rC4Acceleration attribute of the SSLMBean object |
void |
setRSAAcceleration(java.lang.String accel)
Sets the rSAAcceleration attribute of the SSLMBean object |
void |
setServerCertificateChainFileName(java.lang.String fileName)
This attribute is no longer used as of WLS 7.0. |
void |
setServerCertificateFileName(java.lang.String fileName)
Deprecated. as of 8.1, server certificates (and chains) should be stored in keystores. |
void |
setServerKeyFileName(java.lang.String fileName)
Deprecated. as of 8.1, private keys should be stored in keystores. |
void |
setServerPrivateKeyAlias(java.lang.String alias)
Sets the serverPrivateKeyAlias attribute of the SSLMBean object |
void |
setServerPrivateKeyPassPhrase(java.lang.String phrase)
As of 8.1 sp4, this method does the following: |
void |
setServerPrivateKeyPassPhraseEncrypted(byte[] bytes)
Encrypts and sets the value of the ServerPrivateKeyPassPhraseEncrypted attribute. |
void |
setSSLRejectionLoggingEnabled(boolean enabled)
Sets the sSLRejectionLoggingEnabled attribute of the SSLMBean object |
void |
setTrustedCAFileName(java.lang.String fileName)
Deprecated. as of 8.1, trusted CAs should be stored in keystores. |
void |
setTwoWaySSLEnabled(boolean enabled)
Sets the twoWaySSLEnabled attribute of the SSLMBean object |
void |
setUseJava(boolean usejava)
Sets the useJava attribute of the SSLMBean object |
Methods inherited from interface weblogic.management.configuration.ConfigurationMBean |
freezeCurrentValue,
getNotes,
restoreDefaultValue,
setComments,
setDefaultedMBean,
setNotes,
setPersistenceEnabled |
Methods inherited from interface weblogic.management.WebLogicMBean |
getMBeanInfo,
getName,
getObjectName,
getParent,
getType,
isCachingDisabled,
isRegistered,
setName,
setParent |
Methods inherited from interface javax.management.DynamicMBean |
getAttribute,
getAttributes,
invoke,
setAttribute,
setAttributes |
Methods inherited from interface javax.management.MBeanRegistration |
postDeregister,
postRegister,
preRegister |
Methods inherited from interface javax.management.NotificationBroadcaster |
addNotificationListener,
getNotificationInfo,
removeNotificationListener |
Field Detail |
public static final java.lang.String IDENTITY_AND_TRUST_LOCATIONS_KEYSTORES
public static final java.lang.String IDENTITY_AND_TRUST_LOCATIONS_FILES_OR_KEYSTORE_PROVIDERS
public static final long CACHING_STUB_SVUID
Method Detail |
public boolean isUseJava()
public void setUseJava(boolean usejava)
usejava
- The new useJava valuepublic void setMDAcceleration(java.lang.String accel) throws javax.management.InvalidAttributeValueException
accel
- The new mDAcceleration valuepublic void setRC4Acceleration(java.lang.String accel) throws javax.management.InvalidAttributeValueException
accel
- The new rC4Acceleration valuepublic void setRSAAcceleration(java.lang.String accel) throws javax.management.InvalidAttributeValueException
accel
- The new rSAAcceleration valuepublic boolean isEnabled()
public void setEnabled(boolean enable) throws javax.management.InvalidAttributeValueException
enable
- The new enabled valuepublic java.lang.String[] getCiphersuites()
The possible values are:
The default is TLS_RSA_EXPORT_WITH_RC4_40_MD5.
public void setCiphersuites(java.lang.String[] ciphers) throws javax.management.InvalidAttributeValueException
ciphers
- The new ciphersuites valuepublic java.lang.String getCertAuthenticator()
public void setCertAuthenticator(java.lang.String classname) throws javax.management.InvalidAttributeValueException
classname
- The new certAuthenticator valuepublic java.lang.String getHostnameVerifier()
public void setHostnameVerifier(java.lang.String classname) throws javax.management.InvalidAttributeValueException
classname
- The new hostnameVerifier valuepublic boolean isHostnameVerificationIgnored()
public void setHostnameVerificationIgnored(boolean ignoreFlag) throws javax.management.InvalidAttributeValueException
ignoreFlag
- The new hostnameVerificationIgnored valuepublic java.lang.String getTrustedCAFileName()
public void setTrustedCAFileName(java.lang.String fileName) throws javax.management.InvalidAttributeValueException
fileName
- The new trustedCAFileName valuepublic int getPeerValidationEnforced()
public void setPeerValidationEnforced(int checkLevel) throws javax.management.InvalidAttributeValueException
checkLevel
- The new peerValidationEnforced valuepublic boolean isKeyEncrypted()
public void setKeyEncrypted(boolean keyIsEncrypted) throws javax.management.InvalidAttributeValueException
keyIsEncrypted
- The new keyEncrypted valuepublic int getExportKeyLifespan()
public void setExportKeyLifespan(int lifespan) throws javax.management.InvalidAttributeValueException
lifespan
- The new exportKeyLifespan valuepublic boolean isClientCertificateEnforced()
public void setClientCertificateEnforced(boolean enforce)
enforce
- The new clientCertificateEnforced valuepublic java.lang.String getServerCertificateFileName()
public void setServerCertificateFileName(java.lang.String fileName)
fileName
- The new serverCertificateFileName valuepublic int getListenPort()
isEnabled()
,
ServerMBean.getListenPort()
,
ServerMBean.getAdministrationPort()
,
NetworkChannelMBean.getListenPort()
,
NetworkChannelMBean.getSSLListenPort()
public void setListenPort(int port)
port
- The new listenPort valueisEnabled()
,
ServerMBean.getListenPort()
,
ServerMBean.getAdministrationPort()
,
NetworkChannelMBean.getListenPort()
,
NetworkChannelMBean.getSSLListenPort()
public java.lang.String getServerCertificateChainFileName()
public void setServerCertificateChainFileName(java.lang.String fileName)
fileName
- The new serverCertificateChainFileName valuepublic int getCertificateCacheSize()
public void setCertificateCacheSize(int size)
size
- The new certificateCacheSize valuepublic boolean isHandlerEnabled()
public void setHandlerEnabled(boolean enable)
enable
- The new handlerEnabled valuepublic int getLoginTimeoutMillis()
If clients are connecting over the Internet, raise the default number to accommodate additional network latency.
ServerMBean.getLoginTimeoutMillis()
,
NetworkChannelMBean.getLoginTimeoutMillisSSL()
public void setLoginTimeoutMillis(int millis)
If clients are connecting over the Internet, raise the default number to accommodate additional network latency.
millis
- The new loginTimeoutMillis valueServerMBean.getLoginTimeoutMillis()
,
NetworkChannelMBean.getLoginTimeoutMillisSSL()
public java.lang.String getServerKeyFileName()
public void setServerKeyFileName(java.lang.String fileName)
fileName
- The new serverKeyFileName valuepublic boolean isTwoWaySSLEnabled()
public void setTwoWaySSLEnabled(boolean enabled)
enabled
- The new twoWaySSLEnabled valuepublic java.lang.String getServerPrivateKeyAlias()
public void setServerPrivateKeyAlias(java.lang.String alias)
alias
- The new serverPrivateKeyAlias valuepublic java.lang.String getServerPrivateKeyPassPhrase()
The passphrase used to retrieve the server's private key from the keystore. This passphrase is assigned to the private key when it is generated.
As of 8.1 sp4, the getServerPrivateKeyPassPhrase()
method does the following:
ServerPrivateKeyPassPhraseEncrypted
attribute.
Using getServerPrivateKeyPassPhrase()
is a potential
security risk because
the String object (which contains the unencrypted passphrase) remains in
the JVM's memory until garbage collection removes it. Depending on how
memory is allocated in the JVM, a significant amount of time could pass
before this unencrypted data is removed from memory.
Instead of using this method, use
getServerPrivateKeyPassPhraseEncrypted()
to retrieve the encrypted pass phrase. On the same WebLogic Server that
encrypted the value of the ServerPrivateKeyPassPhraseEncrypted attribute, use
weblogic.management.EncryptionHelper.encrypt()
to encrypt the user-supplied pass phrase. Then compare the encrypted values.
getServerPrivateKeyPassPhraseEncrypted()
public void setServerPrivateKeyPassPhrase(java.lang.String phrase)
As of 8.1 sp4, this method does the following:
ServerPrivateKeyPassPhraseEncrypted
attribute to the encrypted parameter value.
phrase
- The new serverPrivateKeyPassPhrase valuesetServerPrivateKeyPassPhraseEncrypted(byte[] bytes)
public byte[] getServerPrivateKeyPassPhraseEncrypted()
The encrypted passphrase used to retrieve the server's private key from the keystore. This passphrase is assigned to the private key when it is generated.
EncryptionHelper
public void setServerPrivateKeyPassPhraseEncrypted(byte[] bytes)
Encrypts and sets the value of the ServerPrivateKeyPassPhraseEncrypted attribute.
bytes
- The new serverPrivateKeyPassPhrase value a byte array.getServerPrivateKeyPassPhraseEncrypted()
public boolean isSSLRejectionLoggingEnabled()
public void setSSLRejectionLoggingEnabled(boolean enabled)
enabled
- The new sSLRejectionLoggingEnabled valuepublic java.lang.String getIdentityAndTrustLocations()
If set to KEYSTORES, then SSL retrieves the identity and trust from the server's keystores (that are configured on the Server MBean).
If set to FILES_OR_KEYSTORE_PROVIDERS, then SSL first looks in the deprecated KeyStore providers for the identity and trust. If not found, then it looks in the flat files indicated by the SSLMBean's TrustedCAFileName, ServerCertificateFileName and ServerKeyFileName attributes.
Domains created in WLS 8.1 or later default to KEYSTORES. Domains created before WLS 8.1 default to FILES_OR_KEYSTORE_PROVIDERS.
public void setIdentityAndTrustLocations(java.lang.String locations)
locations
- The new identityAndTrustLocations value
|
Documentation is available at http://download.oracle.com/docs/cd/E13222_01/wls/docs81 |
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |