BEA Systems, Inc.

WebLogic Server 8.1 API Reference
Interface SecurityMBean

public interface SecurityMBean
extends ConfigurationMBean

Specifies the security properties of a WebLogic domain.

Copyright © 2004 BEA Systems, Inc. All Rights Reserved.

Field Summary
Fields inherited from class
Method Summary
 java.lang.String getAuditProviderClassName()
 java.lang.String getConnectionFilter()
          The name of the Java class that implements a connection filter.
 java.lang.String[] getConnectionFilterRules()
          The list of rules for the system connection filter.
 boolean getConnectionLoggerEnabled()
          Enables the logging of accepted connections.
 java.lang.String getName()
          Returns the name of the MBean. getPasswordPolicy()
          Deprecated. getRealm()
          Sets the realm policies.
 ServerSecurityRuntimeMBean getServerSecurityRuntime()
          Returns the state of security on the specified WebLogic Server.
 java.lang.String getSystemUser()
          The name of the system user.
 boolean isCompatibilityMode()
          Specifies whether migration from a WebLogic Server 6.x security configuration is enabled.
 boolean isCustomObjectAuthenticationEnabled()
 boolean isGuestDisabled()
 void setAuditProviderClassName(java.lang.String className)
 void setCompatibilityMode(boolean disable)
 void setConnectionFilter(java.lang.String filter)
 void setConnectionFilterRules(java.lang.String[] filterList)
 void setConnectionLoggerEnabled(boolean logging)
 void setCustomObjectAuthenticationEnabled(boolean enable)
 void setGuestDisabled(boolean disable)
 void setInteropEnabled(boolean disable)
 void setInteropUsername(java.lang.String username)
 void setName(java.lang.String name)
          Set the name of the MBean.
 void setPasswordPolicy( realm)
 void setRealm( realm)
 void setRealmSetup(boolean disable)
 void setSystemUser(java.lang.String user)
Methods inherited from interface
freezeCurrentValue, getNotes, restoreDefaultValue, setComments, setDefaultedMBean, setNotes, setPersistenceEnabled
Methods inherited from interface
getMBeanInfo, getObjectName, getParent, getType, isCachingDisabled, isRegistered, setParent
Methods inherited from interface
getAttribute, getAttributes, invoke, setAttribute, setAttributes
Methods inherited from interface
postDeregister, postRegister, preRegister
Methods inherited from interface
addNotificationListener, getNotificationInfo, removeNotificationListener

Field Detail


public static final long CACHING_STUB_SVUID
Method Detail


public void setName(java.lang.String name)
Set the name of the MBean.

Legal Value: LegalHelper.securityMBeanSetNameLegalCheck(self,value);


public java.lang.String getName()
Returns the name of the MBean.


public getRealm()
Sets the realm policies.

A dynamic MBean attribute


public void setRealm( realm)


public java.lang.String getAuditProviderClassName()


public void setAuditProviderClassName(java.lang.String className)


public boolean isGuestDisabled()
Specifies whether or not guest logins can be used to access WebLogic Server resources. This attribute is used in Compatibility mode.

Default Value: true


public void setGuestDisabled(boolean disable)


public boolean isCustomObjectAuthenticationEnabled()
Specifies whether to allow Custom UserInfo Objects for login.

Default Value: false


public void setCustomObjectAuthenticationEnabled(boolean enable)


public java.lang.String getConnectionFilter()
The name of the Java class that implements a connection filter. The connection filter must be an implementation of the interface. WebLogic Server provides a default implementation.

Default Value: null


public void setConnectionFilter(java.lang.String filter)


public java.lang.String getSystemUser()
The name of the system user. This attribute must be specified.

Default Value: "system"
Legal NULL: false


public void setSystemUser(java.lang.String user)


public getPasswordPolicy()
Sets the password policy. This interface is used in Compatibility mode.


public void setPasswordPolicy( realm)


public ServerSecurityRuntimeMBean getServerSecurityRuntime()
Returns the state of security on the specified WebLogic Server. Returns null if the specified server is not running.


public void setRealmSetup(boolean disable)


public boolean isCompatibilityMode()
Specifies whether migration from a WebLogic Server 6.x security configuration is enabled.

A dynamic MBean attribute
Default Value: false


public void setCompatibilityMode(boolean disable)


public void setInteropEnabled(boolean disable)


public void setInteropUsername(java.lang.String username)


public java.lang.String[] getConnectionFilterRules()
The list of rules for the system connection filter. If none are specified, all connections are accepted.

The syntax of the rules is as follows:

  • Each rule must be written on a single line in the source code.
  • Tokens in a rule are separated by white space.
  • A pound sign (#) is the comment character. Everything after a pound sign on a line is ignored.
  • Whitespace before or after a rule is ignored.
  • Lines consisting only of whitespace or comments are skipped.

    All rules have the following format:

    target localAddress localPort action protocols


    target specifies one or more servers to filter.

    localAddress defines the host address of the server. (If you specify an asterisk (*), the match returns all local IP addresses.)

    localPort defines the port on which the server is listening. (If you specify an asterisk, the match returna all available ports on the server).

    action specifies the action to perform. The value must be allow or deny).

    protocols is the list of protocol names to match. (One of the following protocols must be specified http, https, t3, t3s, giop, giops, dcom, or ftp.) If no protocol is defined, all protocols will match a rule.

    Two kinds of rules are recognized:

    • A fast rule applies to a hostname or IP address with an optional netmask. If a hostname corresponds to multiple IP addresses, multiple rules are generated (in no particular order). Netmasks can be specified either in numeric or dotted-quad form. For example: 7001 deny t3 t3s # http(s) OK 8001 allow # 23-bit netmask 8002 deny # like /

      Hostnames for fast rules are looked up once at server startup. While this design greatly reduces overhead at connect time, it can result in the filter obtaining out of date information about what addresses correspond to a host name. BEA Systems recommends using numeric IP addresses instead.

    • A slow rule applies to part of a domain name. Since a rule requires a connect-time DNS lookup on the client-side in order to perform a match, a slow rule may be much slower than the fast rule. Slow rules are also subject to DNS spoofing. Slow rules are specified as follows:

      * 7001 deny

      An asterisk only matches at the head of a pattern. If you specify an asterisk anywhere else in a rule, it is treated as part of the pattern. Note that the pattern will never match a domain name since an asterisk is not a legal part of a domain name.

    When a client connects to WebLogic Server, these rules are evaluated in the order in which they were written. The first rule to match determines how the connection is treated. If no rules match, the connection is permitted.

    If you want to further protect your server and only allow connections from certain addresses, you can specify * * deny as your last rule.

    A dynamic MBean attribute
    Default Value: null
    Legal Value: SecurityLegalHelper.isLegalFilterRules(self,value);

  • setConnectionFilterRules

    public void setConnectionFilterRules(java.lang.String[] filterList)


    public boolean getConnectionLoggerEnabled()
    Enables the logging of accepted connections. This attribute can be used by a system administrator to dynamically check the incoming connections in the log file to determine if filtering needs to be performed.

    A dynamic MBean attribute
    Default Value: false


    public void setConnectionLoggerEnabled(boolean logging)

    Documentation is available at