WebLogic Server 8.1 API Reference

weblogic.management.security
Interface RealmMBean

public interface RealmMBean

extends weblogic.management.commo.StandardInterface

The MBean that represents configuration attributes for the security realm.

A security realm contains a set of security configuration settings, including the list of security providers to use (for example, for authentication and authorization).

Code using security can either use the default security realm for the domain or refer to a particular security realm by name (by using the JMX display name of the security realm).

One security realm in the WebLogic domain must have the DefaultRealm attribute set to true. The security realm with the DefaultRealm attribute set to true is used as the default security realm for the WebLogic domain. Note that other available security realms must have the DefaultRealm attribute set to false.

When WebLogic Server boots, it locates and uses the default security realm. The security realm is considered active since it is used when WebLogic Server runs. Any security realm that is not used when WebLogic Server runs is considered inactive. All active security realms must be configured before WebLogic Server is boots.

Since security providers are scoped by realm, the Realm attribute on a security provider must be set to the realm that uses the provider.

Author:

Copyright © 2004 BEA Systems, Inc. All Rights Reserved.

Method Summary

AdjudicatorMBean	getAdjudicator() The Adjudication provider for the security realm.
weblogic.management.security.audit.AuditorMBean[]	getAuditors() The Auditing providers for the security realm in order of invocation.
AuthenticationProviderMBean[]	getAuthenticationProviders() The Authentication providers for the security realm in order of invocation.
AuthorizerMBean[]	getAuthorizers() The Authorization providers for the security realm in order of invocation.
CredentialMapperMBean[]	getCredentialMappers() The Credential Mapping providers for the security realm in order of invocation.
KeyStoreMBean[]	getKeyStores() Deprecated.
java.lang.Integer	getMaxWebLogicPrincipalsInCache() The maximum size of the LRU cache for holding WebLogic Principal signatures.
RoleMapperMBean[]	getRoleMappers() The Role Mapping providers for the security realm in order of invocation.
UserLockoutManagerMBean	getUserLockoutManager() The user lockout manager for the security realm.
boolean	isDefaultRealm() Specifies whether or not this security realm is the Default realm for the WebLogic domain.
boolean	isDeployCredentialMappingIgnored() Specifies whether or not credential mapping deployment calls on the Credential Manager are ignored or passed to the configured Credential Mapping providers.
boolean	isDeployPolicyIgnored() Specifies whether or not security policy deployment calls on the Authorization Manager are ignored or passed to the configured Authorization providers.
boolean	isDeployRoleIgnored() Specifies whether or not role deployment calls on the Role Manager are ignored or passed to the configured Role Mapping providers.
boolean	isEnableWebLogicPrincipalValidatorCache() Specifies whether or not the WebLogic Principal Validator caching is enabled.
boolean	isFullyDelegateAuthorization() Specifies whether or not the Web and EJB containers should call the security framework on every access.
boolean	isUseDeprecatedWebResource() Web resources were deprecated in WebLogic Server 7.0 SP01.
void	setAdjudicator(AdjudicatorMBean newValue) The Adjudication provider for the security realm.
void	setAuditors(weblogic.management.security.audit.AuditorMBean[] newValue) The Auditing providers for the security realm in order of invocation.
void	setAuthenticationProviders(AuthenticationProviderMBean[] newValue) The Authentication providers for the security realm in order of invocation.
void	setAuthorizers(AuthorizerMBean[] newValue) The Authorization providers for the security realm in order of invocation.
void	setCredentialMappers(CredentialMapperMBean[] newValue) The Credential Mapping providers for the security realm in order of invocation.
void	setDefaultRealm(boolean newValue) Specifies whether or not this security realm is the Default realm for the WebLogic domain.
void	setDeployCredentialMappingIgnored(boolean newValue) Specifies whether or not credential mapping deployment calls on the Credential Manager are ignored or passed to the configured Credential Mapping providers.
void	setDeployPolicyIgnored(boolean newValue) Specifies whether or not security policy deployment calls on the Authorization Manager are ignored or passed to the configured Authorization providers.
void	setDeployRoleIgnored(boolean newValue) Specifies whether or not role deployment calls on the Role Manager are ignored or passed to the configured Role Mapping providers.
void	setEnableWebLogicPrincipalValidatorCache(boolean newValue) Specifies whether or not the WebLogic Principal Validator caching is enabled.
void	setFullyDelegateAuthorization(boolean newValue) Specifies whether or not the Web and EJB containers should call the security framework on every access.
void	setKeyStores(KeyStoreMBean[] newValue) Deprecated.
void	setMaxWebLogicPrincipalsInCache(java.lang.Integer newValue) The maximum size of the LRU cache for holding WebLogic Principal signatures.
void	setRoleMappers(RoleMapperMBean[] newValue) The Role Mapping providers for the security realm in order of invocation.
void	setUseDeprecatedWebResource(boolean newValue) Web resources were deprecated in WebLogic Server 7.0 SP01.
void	setUserLockoutManager(UserLockoutManagerMBean newValue) The user lockout manager for the security realm.
void	validate() Checks that the realm is valid.

Methods inherited from interface weblogic.management.commo.StandardInterface

wls_getAttributeTag, wls_getConstructorTag, wls_getDisplayName, wls_getInterfaceClassName, wls_getMBeanTag, wls_getNotificationTag, wls_getObjectName, wls_getOperationTag, wls_instanceOf

Method Detail

getAuthenticationProviders

public AuthenticationProviderMBean[] getAuthenticationProviders()

The Authentication providers for the security realm in order of invocation. Authentication providers can either be a WebLogic Authentication provider or a Custom Authentication provider. The active security realm must have at least one defined Authentication provider (an Identity Assertion provider is not considered an Authentication provider).

Legal NULL: true

setAuthenticationProviders

public void setAuthenticationProviders(AuthenticationProviderMBean[] newValue)
                                throws javax.management.InvalidAttributeValueException

The Authentication providers for the security realm in order of invocation. Authentication providers can either be a WebLogic Authentication provider or a Custom Authentication provider. The active security realm must have at least one defined Authentication provider (an Identity Assertion provider is not considered an Authentication provider).

Legal NULL: true

Parameters:

newValue - - new value for attribute AuthenticationProviders

Throws:

javax.management.InvalidAttributeValueException -

getRoleMappers

public RoleMapperMBean[] getRoleMappers()

The Role Mapping providers for the security realm in order of invocation. Role Mapping providers can either be a WebLogic Role Mapping provider or a Custom Role Mapping provider. The active security realm must have at least one defined Role Mapping provider. One of the Role Mapping providers must implement the DeployableRoleProvider;/code> SSPI.

Legal NULL: true

setRoleMappers

public void setRoleMappers(RoleMapperMBean[] newValue)
                    throws javax.management.InvalidAttributeValueException

The Role Mapping providers for the security realm in order of invocation. Role Mapping providers can either be a WebLogic Role Mapping provider or a Custom Role Mapping provider. The active security realm must have at least one defined Role Mapping provider. One of the Role Mapping providers must implement the DeployableRoleProvider;/code> SSPI.

Legal NULL: true

Parameters:

newValue - - new value for attribute RoleMappers

Throws:

javax.management.InvalidAttributeValueException -

getAuthorizers

public AuthorizerMBean[] getAuthorizers()

The Authorization providers for the security realm in order of invocation. Authorization providers can either be a WebLogic Authorization provider or a Custom Authorization provider. The active security realm must have at least one defined Authorization provider. One of the Authorization providers must implement the DeployableAuthorizationProvider;/code> SSPI.

Legal NULL: true

setAuthorizers

public void setAuthorizers(AuthorizerMBean[] newValue)
                    throws javax.management.InvalidAttributeValueException

The Authorization providers for the security realm in order of invocation. Authorization providers can either be a WebLogic Authorization provider or a Custom Authorization provider. The active security realm must have at least one defined Authorization provider. One of the Authorization providers must implement the DeployableAuthorizationProvider;/code> SSPI.

Legal NULL: true

Parameters:

newValue - - new value for attribute Authorizers

Throws:

javax.management.InvalidAttributeValueException -

getAdjudicator

public AdjudicatorMBean getAdjudicator()

The Adjudication provider for the security realm. The Adjudication provider can either be a WebLogic Adjudication provider or a Custom Adjudication provider. The active security realm must have an Adjudication provider configured.

Legal NULL: true

setAdjudicator

public void setAdjudicator(AdjudicatorMBean newValue)
                    throws javax.management.InvalidAttributeValueException

The Adjudication provider for the security realm. The Adjudication provider can either be a WebLogic Adjudication provider or a Custom Adjudication provider. The active security realm must have an Adjudication provider configured.

Legal NULL: true

Parameters:

newValue - - new value for attribute Adjudicator

Throws:

javax.management.InvalidAttributeValueException -

getAuditors

public weblogic.management.security.audit.AuditorMBean[] getAuditors()

The Auditing providers for the security realm in order of invocation. Auditing providers can either be a WebLogic Auditing provider or a Custom Auditing provider. The active security realm may have zero or more defined Auditing providers.

Legal NULL: true

setAuditors

public void setAuditors(weblogic.management.security.audit.AuditorMBean[] newValue)
                 throws javax.management.InvalidAttributeValueException

The Auditing providers for the security realm in order of invocation. Auditing providers can either be a WebLogic Auditing provider or a Custom Auditing provider. The active security realm may have zero or more defined Auditing providers.

Legal NULL: true

Parameters:

newValue - - new value for attribute Auditors

Throws:

javax.management.InvalidAttributeValueException -

getCredentialMappers

public CredentialMapperMBean[] getCredentialMappers()

The Credential Mapping providers for the security realm in order of invocation. Credential Mapping providers can either be a WebLogic Credential Mapping provider or a Custom Credential Mapping provider. The active security realm must have at least one defined Credential Mapping provider. One of the Credential Mapping providers must implement the DeployableCredentialProvider;/code> SSPI.

Legal NULL: true

setCredentialMappers

public void setCredentialMappers(CredentialMapperMBean[] newValue)
                          throws javax.management.InvalidAttributeValueException

The Credential Mapping providers for the security realm in order of invocation. Credential Mapping providers can either be a WebLogic Credential Mapping provider or a Custom Credential Mapping provider. The active security realm must have at least one defined Credential Mapping provider. One of the Credential Mapping providers must implement the DeployableCredentialProvider;/code> SSPI.

Legal NULL: true

Parameters:

newValue - - new value for attribute CredentialMappers

Throws:

javax.management.InvalidAttributeValueException -

getKeyStores

public KeyStoreMBean[] getKeyStores()

Deprecated.

The Keystore providers for the security realm in order of invocation. Keystore providers can either be a WebLogic Keystore provider or a Custom Keystore provider. The active security realm may have zero or more Keystore providers. If no Keystore provider is specified, the key attributes on the deprecated SSL MBean will be used to get the pathnames to the files containing the keys. This attribute was deprecated in WLS 8.1.

Legal NULL: true

setKeyStores

public void setKeyStores(KeyStoreMBean[] newValue)
                  throws javax.management.InvalidAttributeValueException

Deprecated.

The Keystore providers for the security realm in order of invocation. Keystore providers can either be a WebLogic Keystore provider or a Custom Keystore provider. The active security realm may have zero or more Keystore providers. If no Keystore provider is specified, the key attributes on the deprecated SSL MBean will be used to get the pathnames to the files containing the keys. This attribute was deprecated in WLS 8.1.

Legal NULL: true

Parameters:

newValue - - new value for attribute KeyStores

Throws:

javax.management.InvalidAttributeValueException -

getUserLockoutManager

public UserLockoutManagerMBean getUserLockoutManager()

The user lockout manager for the security realm. The active security realm must have one defined user lockout manager.

Legal NULL: true

setUserLockoutManager

public void setUserLockoutManager(UserLockoutManagerMBean newValue)
                           throws javax.management.InvalidAttributeValueException

The user lockout manager for the security realm. The active security realm must have one defined user lockout manager.

Legal NULL: true

Parameters:

newValue - - new value for attribute UserLockoutManager

Throws:

javax.management.InvalidAttributeValueException -

isDefaultRealm

public boolean isDefaultRealm()

Specifies whether or not this security realm is the Default realm for the WebLogic domain. Only one realm may have this attribute set to true. All other realms must have the attribute set to false.

Default Value: new java.lang.Boolean(false)

Legal NULL: true

setDefaultRealm

public void setDefaultRealm(boolean newValue)
                     throws javax.management.InvalidAttributeValueException

Specifies whether or not this security realm is the Default realm for the WebLogic domain. Only one realm may have this attribute set to true. All other realms must have the attribute set to false.

Default Value: new java.lang.Boolean(false)

Legal NULL: true

Parameters:

newValue - - new value for attribute DefaultRealm

Throws:

javax.management.InvalidAttributeValueException -

isDeployRoleIgnored

public boolean isDeployRoleIgnored()

Specifies whether or not role deployment calls on the Role Manager are ignored or passed to the configured Role Mapping providers.

Default Value: new java.lang.Boolean(false)

Legal NULL: true

setDeployRoleIgnored

public void setDeployRoleIgnored(boolean newValue)
                          throws javax.management.InvalidAttributeValueException

Specifies whether or not role deployment calls on the Role Manager are ignored or passed to the configured Role Mapping providers.

Default Value: new java.lang.Boolean(false)

Legal NULL: true

Parameters:

newValue - - new value for attribute DeployRoleIgnored

Throws:

javax.management.InvalidAttributeValueException -

isUseDeprecatedWebResource

public boolean isUseDeprecatedWebResource()

Web resources were deprecated in WebLogic Server 7.0 SP01. URL resources replace Web resources. If this security realm has an Authorization provider that requires the use of Web resources, set this attribute to true.

Default Value: new java.lang.Boolean(false)

Legal NULL: true

setUseDeprecatedWebResource

public void setUseDeprecatedWebResource(boolean newValue)
                                 throws javax.management.InvalidAttributeValueException

Web resources were deprecated in WebLogic Server 7.0 SP01. URL resources replace Web resources. If this security realm has an Authorization provider that requires the use of Web resources, set this attribute to true.

Default Value: new java.lang.Boolean(false)

Legal NULL: true

Parameters:

newValue - - new value for attribute UseDeprecatedWebResource

Throws:

javax.management.InvalidAttributeValueException -

isDeployPolicyIgnored

public boolean isDeployPolicyIgnored()

Specifies whether or not security policy deployment calls on the Authorization Manager are ignored or passed to the configured Authorization providers.

Default Value: new java.lang.Boolean(false)

Legal NULL: true

setDeployPolicyIgnored

public void setDeployPolicyIgnored(boolean newValue)
                            throws javax.management.InvalidAttributeValueException

Specifies whether or not security policy deployment calls on the Authorization Manager are ignored or passed to the configured Authorization providers.

Default Value: new java.lang.Boolean(false)

Legal NULL: true

Parameters:

newValue - - new value for attribute DeployPolicyIgnored

Throws:

javax.management.InvalidAttributeValueException -

isDeployCredentialMappingIgnored

public boolean isDeployCredentialMappingIgnored()

Specifies whether or not credential mapping deployment calls on the Credential Manager are ignored or passed to the configured Credential Mapping providers.

Default Value: new java.lang.Boolean(false)

Legal NULL: true

setDeployCredentialMappingIgnored

public void setDeployCredentialMappingIgnored(boolean newValue)
                                       throws javax.management.InvalidAttributeValueException

Specifies whether or not credential mapping deployment calls on the Credential Manager are ignored or passed to the configured Credential Mapping providers.

Default Value: new java.lang.Boolean(false)

Legal NULL: true

Parameters:

newValue - - new value for attribute DeployCredentialMappingIgnored

Throws:

javax.management.InvalidAttributeValueException -

isFullyDelegateAuthorization

public boolean isFullyDelegateAuthorization()

Specifies whether or not the Web and EJB containers should call the security framework on every access. If false the containers are free to only call the security framework when security is set in the deployment descriptors.

Default Value: new java.lang.Boolean(false)

Legal NULL: true

setFullyDelegateAuthorization

public void setFullyDelegateAuthorization(boolean newValue)
                                   throws javax.management.InvalidAttributeValueException

Specifies whether or not the Web and EJB containers should call the security framework on every access. If false the containers are free to only call the security framework when security is set in the deployment descriptors.

Default Value: new java.lang.Boolean(false)

Legal NULL: true

Parameters:

newValue - - new value for attribute FullyDelegateAuthorization

Throws:

javax.management.InvalidAttributeValueException -

isEnableWebLogicPrincipalValidatorCache

public boolean isEnableWebLogicPrincipalValidatorCache()

Specifies whether or not the WebLogic Principal Validator caching is enabled. The Principal Validator is used by BEA supplied authentication providers and may be used by custom authentication providers. If enabled, the default principal validator will cache WebLogic Principal signatures

Default Value: new java.lang.Boolean(true)

Legal NULL: true

setEnableWebLogicPrincipalValidatorCache

public void setEnableWebLogicPrincipalValidatorCache(boolean newValue)
                                              throws javax.management.InvalidAttributeValueException

Specifies whether or not the WebLogic Principal Validator caching is enabled. The Principal Validator is used by BEA supplied authentication providers and may be used by custom authentication providers. If enabled, the default principal validator will cache WebLogic Principal signatures

Default Value: new java.lang.Boolean(true)

Legal NULL: true

Parameters:

newValue - - new value for attribute EnableWebLogicPrincipalValidatorCache

Throws:

javax.management.InvalidAttributeValueException -

getMaxWebLogicPrincipalsInCache

public java.lang.Integer getMaxWebLogicPrincipalsInCache()

The maximum size of the LRU cache for holding WebLogic Principal signatures. The default is 500.

Default Value: new java.lang.Integer(500)

Legal NULL: true

setMaxWebLogicPrincipalsInCache

public void setMaxWebLogicPrincipalsInCache(java.lang.Integer newValue)
                                     throws javax.management.InvalidAttributeValueException

The maximum size of the LRU cache for holding WebLogic Principal signatures. The default is 500.

Default Value: new java.lang.Integer(500)

Legal NULL: true

Parameters:

newValue - - new value for attribute MaxWebLogicPrincipalsInCache

Throws:

javax.management.InvalidAttributeValueException -

validate

public void validate()
              throws ErrorCollectionException

Checks that the realm is valid. If the realm is not valid, the MBean throws an ErrorCollectionException containing a list of java.lang.Exceptions, one for each reason that the realm is not valid. The text of each exception describes the problem.

Throws:

ErrorCollectionException -