WebLogic Server 8.1 API Reference

weblogic.management.configuration
Interface SecurityMBean

Deprecated. Deprecated in WebLogic Server version 7.0. Replaced by the new Security architecture.

public interface SecurityMBean

extends ConfigurationMBean

Specifies the security attributes of a WebLogic domain.

Author:

Copyright © 2002 BEA Systems, Inc. All Rights Reserved.

Field Summary

static long

CACHING_STUB_SVUID Deprecated.

Fields inherited from class weblogic.management.configuration.ConfigurationMBean

CACHING_STUB_SVUID

Method Summary

java.lang.String	getAuditProviderClassName() Deprecated.
java.lang.String	getConnectionFilter() Deprecated. The name of the Java class that implements a connection filter.
java.lang.String[]	getConnectionFilterRules() Deprecated. The list of rules for the system connection filter.
boolean	getConnectionLoggerEnabled() Deprecated. Enables the logging of accepted connections.
java.lang.String	getName() Deprecated. Returns the name of the MBean.
weblogic.management.configuration.PasswordPolicyMBean	getPasswordPolicy() Deprecated. Sets the password policy.
weblogic.management.configuration.RealmMBean	getRealm() Deprecated. Sets the realm policies.
ServerSecurityRuntimeMBean	getServerSecurityRuntime() Deprecated. Returns the state of security on the specified WebLogic Server.
java.lang.String	getSystemUser() Deprecated. The name of the system user.
boolean	isCompatibilityMode() Deprecated. Specifies whether migration from a WebLogic Server 6.x security configuration is enabled.
boolean	isGuestDisabled() Deprecated. Specifies whether or not guest user logins can be used to access WebLogic resources.
void	setAuditProviderClassName(java.lang.String className) Deprecated.
void	setCompatibilityMode(boolean disable) Deprecated.
void	setConnectionFilter(java.lang.String filter) Deprecated.
void	setConnectionFilterRules(java.lang.String[] filterList) Deprecated.
void	setConnectionLoggerEnabled(boolean logging) Deprecated.
void	setGuestDisabled(boolean disable) Deprecated.
void	setInteropEnabled(boolean disable) Deprecated.
void	setInteropPassword(java.lang.String password) Deprecated.
void	setInteropUsername(java.lang.String username) Deprecated.
void	setName(java.lang.String name) Deprecated. Set the name of the MBean.
void	setPasswordPolicy(weblogic.management.configuration.PasswordPolicyMBean realm) Deprecated.
void	setRealm(weblogic.management.configuration.RealmMBean realm) Deprecated.
void	setRealmSetup(boolean disable) Deprecated.
void	setSystemUser(java.lang.String user) Deprecated.

Methods inherited from interface weblogic.management.configuration.ConfigurationMBean

freezeCurrentValue, getNotes, restoreDefaultValue, setComments, setDefaultedMBean, setNotes, setPersistenceEnabled

Methods inherited from interface weblogic.management.WebLogicMBean

getMBeanInfo, getObjectName, getParent, getType, isCachingDisabled, isRegistered, setParent

Methods inherited from interface javax.management.DynamicMBean

getAttribute, getAttributes, invoke, setAttribute, setAttributes

Methods inherited from interface javax.management.MBeanRegistration

postDeregister, postRegister, preRegister

Methods inherited from interface javax.management.NotificationBroadcaster

addNotificationListener, getNotificationInfo, removeNotificationListener

Field Detail

CACHING_STUB_SVUID

public static final long CACHING_STUB_SVUID

Deprecated.

Method Detail

setName

public void setName(java.lang.String name)
             throws javax.management.InvalidAttributeValueException

Deprecated.

Set the name of the MBean.

Legal Value: LegalHelper.securityMBeanSetNameLegalCheck(self,value);

getName

public java.lang.String getName()

Deprecated.

Returns the name of the MBean.

getRealm

public weblogic.management.configuration.RealmMBean getRealm()

Deprecated.

Sets the realm policies.

A dynamic MBean attribute

setRealm

public void setRealm(weblogic.management.configuration.RealmMBean realm)
              throws javax.management.InvalidAttributeValueException

Deprecated.

getAuditProviderClassName

public java.lang.String getAuditProviderClassName()

Deprecated.

setAuditProviderClassName

public void setAuditProviderClassName(java.lang.String className)
                               throws javax.management.InvalidAttributeValueException

Deprecated.

isGuestDisabled

public boolean isGuestDisabled()

Deprecated.

Specifies whether or not guest user logins can be used to access WebLogic resources. Applies to 6.x deployments using Compatibility security. This attribute is deprecated.

Default Value: true

setGuestDisabled

public void setGuestDisabled(boolean disable)

Deprecated.

getConnectionFilter

public java.lang.String getConnectionFilter()

Deprecated.

The name of the Java class that implements a connection filter. The connection filter must be an implementation of the weblogic.security.net.ConnectionFilter interface. WebLogic Server provides a default implementation.

Default Value: null

setConnectionFilter

public void setConnectionFilter(java.lang.String filter)
                         throws javax.management.InvalidAttributeValueException

Deprecated.

getSystemUser

public java.lang.String getSystemUser()

Deprecated.

The name of the system user. This attribute must be specified.

Default Value: "system"

Legal NULL: false

setSystemUser

public void setSystemUser(java.lang.String user)
                   throws javax.management.InvalidAttributeValueException

Deprecated.

getPasswordPolicy

public weblogic.management.configuration.PasswordPolicyMBean getPasswordPolicy()

Deprecated.

Sets the password policy.

A dynamic MBean attribute

setPasswordPolicy

public void setPasswordPolicy(weblogic.management.configuration.PasswordPolicyMBean realm)
                       throws javax.management.InvalidAttributeValueException

Deprecated.

getServerSecurityRuntime

public ServerSecurityRuntimeMBean getServerSecurityRuntime()

Deprecated.

Returns the state of security on the specified WebLogic Server. Returns null if the specified server is not running.

setRealmSetup

public void setRealmSetup(boolean disable)

Deprecated.

isCompatibilityMode

public boolean isCompatibilityMode()

Deprecated.

Specifies whether migration from a WebLogic Server 6.x security configuration is enabled.

A dynamic MBean attribute

Default Value: false

setCompatibilityMode

public void setCompatibilityMode(boolean disable)

Deprecated.

setInteropEnabled

public void setInteropEnabled(boolean disable)

Deprecated.

setInteropUsername

public void setInteropUsername(java.lang.String username)
                        throws javax.management.InvalidAttributeValueException

Deprecated.

setInteropPassword

public void setInteropPassword(java.lang.String password)
                        throws javax.management.InvalidAttributeValueException

Deprecated.

getConnectionFilterRules

public java.lang.String[] getConnectionFilterRules()

Deprecated.

The list of rules for the system connection filter. If none are specified, all connections are accepted.

The syntax of the rules is as follows:

Each rule must be written on a single line in the source code.

Tokens in a rule are separated by white space.

A pound sign (#) is the comment character. Everything after a pound sign on a line is ignored.

Whitespace before or after a rule is ignored.

Lines consisting only of whitespace or comments are skipped.

All rules have the following format:

target localAddress localPort action protocols

where

target specifies one or more servers to filter.

localAddress defines the host address of the server. (If you specify an asterisk (*), the match returns all local IP addresses.)

localPort defines the port on which the server is listening. (If you specify an asterisk, the match returna all available ports on the server).

action specifies the action to perform. The value must be allow or deny).

protocols is the list of protocol names to match. (One of the following protocols must be specified http, https, t3, t3s, giop, giops, dcom, or ftp.) If no protocol is defined, all protocols will match a rule.

Two kinds of rules are recognized:

• A fast rule applies to a hostname or IP address with an optional netmask. If a hostname corresponds to multiple IP addresses, multiple rules are generated (in no particular order). Netmasks can be specified either in numeric or dotted-quad form. For example:

  dialup-555-1212.pa.example.net 127.0.0.1 7001 deny t3 t3s # http(s) OK 192.168.81.0/255.255.254.0 127.0.0.1 8001 allow # 23-bit netmask 192.168.0.0/16 127.0.0.1 8002 deny # like /255.255.0.0

  Hostnames for fast rules are looked up once at server startup. While this design greatly reduces overhead at connect time, it can result in the filter obtaining out of date information about what addresses correspond to a host name. BEA Systems recommends using numeric IP addresses instead.

• A slow rule applies to part of a domain name. Since a rule requires a connect-time DNS lookup on the client-side in order to perform a match, a slow rule may be much slower than the fast rule. Slow rules are also subject to DNS spoofing. Slow rules are specified as follows:

  *.script-kiddiez.org 127.0.0.1 7001 deny

  An asterisk only matches at the head of a pattern. If you specify an asterisk anywhere else in a rule, it is treated as part of the pattern. Note that the pattern will never match a domain name since an asterisk is not a legal part of a domain name.

When a client connects to WebLogic Server, these rules are evaluated in the order in which they were written. The first rule to match determines how the connection is treated. If no rules match, the connection is permitted.

If you want to further protect your server and only allow connections from certain addresses, you can specify 0.0.0.0/0 * * deny as your last rule.

A dynamic MBean attribute

Default Value: null

Legal Value: SecurityLegalHelper.isLegalFilterRules(self,value);

setConnectionFilterRules

public void setConnectionFilterRules(java.lang.String[] filterList)

Deprecated.

getConnectionLoggerEnabled

public boolean getConnectionLoggerEnabled()

Deprecated.

Enables the logging of accepted connections. This attribute can be used by a system administrator to dynamically check the incoming connections in the log file to determine if filtering needs to be performed.

A dynamic MBean attribute

Default Value: false

setConnectionLoggerEnabled

public void setConnectionLoggerEnabled(boolean logging)
                                throws javax.management.InvalidAttributeValueException

Deprecated.