Configuration Options Related Tasks Related Topics
This page allows you to define the general configuration of this security realm.
A security realm provides all the auditing, authentication, authorization, credential mapping, and role mapping services to a WebLogic Server deployment. You can configure multiple security realms within a single WebLogic Server deployment. Only one security realm is designated as the default security realm.
For any security realm to be valid, configure each of the following types of security providers (in any order):
At least one Authorization, Credential Mapping, and Role Mapping
provider in the security realm must implement the
DeployableAuthorizationProvider
,
DeployableCredentialProvider
, and
DeployableRoleProvider
Security Service Provider Interface
(SSPI), respectively. These SSPIs allow the providers to store (rather
than retrieve) information from deployment descriptors.
Name | Description |
---|---|
Name |
The name of this security realm. |
Check Roles and Policies |
Specifies when this security realm should perform authorization checks on requests for access to Web applications and Enterprise JavaBeans (EJBs). Used with the Advanced security model. To give you control over performance, the WebLogic Server Administration Console requires you to specify how the WebLogic Security Service should perform security checks. You specify this preference using the Check Roles and Policies attribute on the security realm. When the value of the Check Roles and Policies setting is:
If you decide that the WebLogic Security Service should perform security checks on All Web applications and EJBs in the Check Roles and Policies drop-down menu, you also need to tell WebLogic Server which technique you want to use to secure these URL (Web) and EJB resources. You specify this preference using the Future Redeploys attribute. |
On Future Redeploys |
Used with the Advanced security model. Specifies whether security data is copied from the deployment descriptors into the appropriate security provider databases each time the Web application or EJB is deployed. You should set the value of the Future Redeploys drop-down menu as follows:
|
Ignore Deploy Credential Mapping |
Specifies whether the Credential Mapping providers in this security
realm will use only credential maps created using the Administration
Console. By default, this box is unchecked, meaning that the
Credential Mapping provider will load credential maps specified in a
It is important to understand that once information from a
To avoid overwriting new credential mapping information with old
information in a MBean Attribute: Changes take effect after you redeploy the module or restart the server. |
Security Model |
Specifies the default security deployment model for applications deployed in this security realm. Security models apply to applications containing EJBs or WARs. Using the Deployment Assistant in the Console, choose one of these security models:
Refer to "Securing WebLogic Resources" for details about the security models. MBean Attribute: |
Combined Role Mapping Enabled |
Specifies whether application role mappings are combined by the J2EE containers. If false the containers need internally defined mappings to use application role mappings. The setting is provided for backward compatibility with version (8.x) of WebLogic Server. For all applications initially deployed in version 9.x, the default value for this setting true (enabled). For all applications previously deployed in version 8.1 and upgraded to version 9.x, the default value is false (disabled). The - Application role mappings are combined with EJB and Web application mappings such that all principal mappings are included. - The Web application container does not assume any role mapping defined for the Enterprise Application container, but instead creates an empty role map - The EJB container does not assume any role mapping defined for the Enterprise or Application container, but instead creates an empty role map Refer to "Securing WebLogic Resources" for details MBean Attribute: |