This MBean represents the configuration of the SSL protocol.

This is a type-safe interface for a WebLogic Server MBean, which you can import into your client classes and access through weblogic.management.MBeanHome. As of 9.0, the MBeanHome interface and all type-safe interfaces for WebLogic Server MBeans are deprecated. Instead, client classes that interact with WebLogic Server MBeans should use standard JMX design patterns in which clients use the javax.management.MBeanServerConnection interface to discover MBeans, attributes, and attribute types at runtime. For more information, see "Developing Manageable Applications with JMX" on http://www.oracle.com/technology/documentation/index.html.
Field Summary

static String BUILTIN_SSL_VALIDATION_AND_CERT_PATH_VALIDATORS
    Indicates that the built-in SSL certificate validation should be used to complete and validate the peer's certificate chain, and then the configured CertPathValidator security providers should be used to perform extra validation on the chain.
static String BUILTIN_SSL_VALIDATION_ONLY
    Indicates that only the built-in SSL certificate validation should be used to complete and validate the peer's certificate chain.
static String IDENTITY_AND_TRUST_LOCATIONS_FILES_OR_KEYSTORE_PROVIDERS
static String IDENTITY_AND_TRUST_LOCATIONS_KEYSTORES

Fields inherited from interface weblogic.management.configuration.ConfigurationMBean
    DEFAULT_EMPTY_BYTE_ARRAY
Method Summary

String[] getCiphersuites()
    Indicates the cipher suites being used on a particular WebLogic Server.
int getExportKeyLifespan()
    Indicates the number of times WebLogic Server can use an exportable key between a domestic server and an exportable client before generating a new key.
String getHostnameVerifier()
    The name of the class that implements the weblogic.security.SSL.HostnameVerifier interface.
String getIdentityAndTrustLocations()
    Indicates where SSL should find the server's identity (certificate and private key) as well as the server's trust (trusted CAs).
String getInboundCertificateValidation()
    Indicates the client certificate validation rules for inbound SSL.
int getListenPort()
    The TCP/IP port at which this server listens for SSL connection requests.
int getLoginTimeoutMillis()
    Specifies the number of milliseconds that WebLogic Server waits for an SSL connection before timing out.
String getOutboundCertificateValidation()
    Indicates the server certificate validation rules for outbound SSL.
int getPeerValidationEnforced()
    Deprecated. 6.1.0.0 this is an unused attribute.
String getServerCertificateChainFileName()
    Deprecated. 7.0.0.0 server certificates (and chains) should be stored in keystores.
String getServerCertificateFileName()
    Deprecated. 8.1.0.0 server certificates (and chains) should be stored in keystores.
String getServerKeyFileName()
    Deprecated. 8.1.0.0 private keys should be stored in keystores.
String getServerPrivateKeyAlias()
    The string alias used to store and retrieve the server's private key in the keystore.
String getServerPrivateKeyPassPhrase()
    The passphrase used to retrieve the server's private key from the keystore.
byte[] getServerPrivateKeyPassPhraseEncrypted()
    The encrypted passphrase used to retrieve the server's private key from the keystore.
String getTrustedCAFileName()
    Deprecated. 8.1.0.0 trusted CAs should be stored in keystores.
boolean isClientCertificateEnforced()
    Indicates whether or not clients must present digital certificates from a trusted certificate authority to WebLogic Server.
boolean isEnabled()
    Indicates whether the server can be reached through the default SSL listen port.
boolean isHostnameVerificationIgnored()
    Specifies whether to ignore the installed implementation of the weblogic.security.SSL.HostnameVerifier interface (when this server is acting as a client to another application server).
boolean isSSLRejectionLoggingEnabled()
    Indicates whether warning messages are logged in the server log when SSL connections are rejected.
boolean isTwoWaySSLEnabled()
    The form of SSL that should be used.
void setCertAuthenticator(String classname)
    Sets the value of the CertAuthenticator attribute.
void setCiphersuites(String[] ciphers)
    Sets the value of the Ciphersuites attribute.
void setClientCertificateEnforced(boolean enforce)
    Sets the value of the ClientCertificateEnforced attribute.
void setEnabled(boolean enable)
void setExportKeyLifespan(int lifespan)
    Sets the value of the ExportKeyLifespan attribute.
void setHostnameVerificationIgnored(boolean ignoreFlag)
    Sets the value of the HostnameVerificationIgnored attribute.
void setHostnameVerifier(String classname)
    Sets the value of the HostnameVerifier attribute.
void setIdentityAndTrustLocations(String locations)
    Sets the value of the IdentityAndTrustLocations attribute.
void setInboundCertificateValidation(String validationStyle)
    Sets the value of the InboundCertificateValidation attribute.
void setListenPort(int port)
    Sets the value of the ListenPort attribute.
void setLoginTimeoutMillis(int millis)
    Sets the value of the LoginTimeoutMillis attribute.
void setOutboundCertificateValidation(String validationStyle)
    Sets the value of the OutboundCertificateValidation attribute.
void setPeerValidationEnforced(int checkLevel)
    Sets the value of the PeerValidationEnforced attribute.
void setServerCertificateChainFileName(String fileName)
    Deprecated. 7.0.0.0 server certificates (and chains) should be stored in keystores.
void setServerCertificateFileName(String fileName)
    Deprecated. 8.1.0.0 server certificates (and chains) should be stored in keystores.
void setServerKeyFileName(String fileName)
    Deprecated. 8.1.0.0 private keys should be stored in keystores.
void setServerPrivateKeyAlias(String alias)
    Sets the value of the ServerPrivateKeyAlias attribute.
void setServerPrivateKeyPassPhrase(String phrase)
    Sets the value of the ServerPrivateKeyPassPhrase attribute.
void setServerPrivateKeyPassPhraseEncrypted(byte[] phraseEncrypted)
    Sets the value of the ServerPrivateKeyPassPhrase attribute.
void setSSLRejectionLoggingEnabled(boolean enabled)
    Sets the value of the SSLRejectionLoggingEnabled attribute.
void setTrustedCAFileName(String fileName)
    Deprecated. 8.1.0.0 trusted CAs should be stored in keystores.
void setTwoWaySSLEnabled(boolean enabled)
    Sets the value of the TwoWaySSLEnabled attribute.

Methods inherited from interface weblogic.management.configuration.ConfigurationMBean
    freezeCurrentValue, getName, getNotes, isSet, restoreDefaultValue, setComments, setDefaultedMBean, setName, setNotes, setPersistenceEnabled, unSet
Methods inherited from interface weblogic.management.WebLogicMBean
    getMBeanInfo, getObjectName, getParent, getType, isCachingDisabled, isRegistered, setParent
Methods inherited from interface javax.management.DynamicMBean
    getAttribute, getAttributes, invoke, setAttribute, setAttributes
Methods inherited from interface javax.management.MBeanRegistration
    postDeregister, postRegister, preDeregister, preRegister
Methods inherited from interface javax.management.NotificationBroadcaster
    addNotificationListener, getNotificationInfo, removeNotificationListener
Methods inherited from interface weblogic.descriptor.DescriptorBean
    addBeanUpdateListener, addPropertyChangeListener, createChildCopy, createChildCopyIncludingObsolete, getDescriptor, getParentBean, isEditable, removeBeanUpdateListener, removePropertyChangeListener
Field Detail

public static final String BUILTIN_SSL_VALIDATION_AND_CERT_PATH_VALIDATORS
public static final String BUILTIN_SSL_VALIDATION_ONLY
public static final String IDENTITY_AND_TRUST_LOCATIONS_FILES_OR_KEYSTORE_PROVIDERS
public static final String IDENTITY_AND_TRUST_LOCATIONS_KEYSTORES

Method Detail
public String[] getCiphersuites()
Indicates the cipher suites being used on a particular WebLogic Server.
The possible values are:
TLS_NULL_WITH_NULL_NULL
TLS_RSA_WITH_NULL_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_EXPORT_WITH_DES_40_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
TLS_DH_anon_WITH_RC4_128_MD5
TLS_DH_anon_EXPORT_WITH_DES_40_CBC_SHA
TLS_DH_anon_WITH_DES_CBC_SHA
TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
The default is TLS_RSA_EXPORT_WITH_RC4_40_MD5.
public int getExportKeyLifespan()
Indicates the number of times WebLogic Server can use an exportable key between a domestic server and an exportable client before generating a new key. The more secure you want WebLogic Server to be, the fewer times the key should be used before generating a new key.
public String getHostnameVerifier()
The name of the class that implements the weblogic.security.SSL.HostnameVerifier interface.
This class verifies whether the connection to the host with the hostname from the URL should be allowed. The class is used to prevent man-in-the-middle attacks. The weblogic.security.SSL.HostnameVerifier has a verify() method that WebLogic Server calls on the client during the SSL handshake.
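An added example (not from this page and not WebLogic's own code) of a class that implements the interface named above. The page gives the interface name and its verify() method but not the parameter list; the example assumes the method is boolean verify(String urlHostname, javax.net.ssl.SSLSession session). It accepts the connection only when the URL host matches a dNSName subject alternative name of the peer's leaf certificate (or, when the certificate carries no dNSName entries, its subject CN), and a wildcard covers exactly one leftmost label. Everything else is standard Java.

```java
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

/**
 * Strict hostname verifier for WebLogic outbound SSL.
 * Assumption: weblogic.security.SSL.HostnameVerifier declares
 * boolean verify(String urlHostname, SSLSession session); the page names the
 * interface and its verify() method but not the parameter list.
 */
public final class StrictHostnameVerifier implements weblogic.security.SSL.HostnameVerifier {

    @Override
    public boolean verify(String urlHostname, SSLSession session) {
        if (urlHostname == null || urlHostname.isEmpty() || session == null) {
            return false;
        }
        Certificate[] chain;
        try {
            chain = session.getPeerCertificates();
        } catch (SSLPeerUnverifiedException e) {
            return false; // no authenticated peer: refuse rather than guess
        }
        if (chain == null || chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
            return false;
        }
        String host = urlHostname.toLowerCase(Locale.ROOT);
        for (String name : certificateHostnames((X509Certificate) chain[0])) {
            if (matches(name.toLowerCase(Locale.ROOT), host)) {
                return true;
            }
        }
        return false;
    }

    /** dNSName SAN entries of the leaf certificate; the subject CN is used only when no dNSName exists. */
    static List<String> certificateHostnames(X509Certificate cert) {
        List<String> names = new ArrayList<>();
        try {
            Collection<List<?>> sans = cert.getSubjectAlternativeNames();
            if (sans != null) {
                for (List<?> san : sans) {
                    // GeneralName type 2 is dNSName
                    if (Integer.valueOf(2).equals(san.get(0)) && san.get(1) instanceof String) {
                        names.add((String) san.get(1));
                    }
                }
            }
        } catch (CertificateParsingException e) {
            // malformed extension: treat as absent and fall through to the CN
        }
        if (names.isEmpty()) {
            try {
                for (Rdn rdn : new LdapName(cert.getSubjectX500Principal().getName()).getRdns()) {
                    if ("CN".equalsIgnoreCase(rdn.getType()) && rdn.getValue() instanceof String) {
                        names.add((String) rdn.getValue());
                    }
                }
            } catch (InvalidNameException e) {
                // unparseable subject DN: no usable name
            }
        }
        return names;
    }

    /** Exact match, or a wildcard that replaces exactly one leftmost label. */
    static boolean matches(String certName, String host) {
        if (!certName.startsWith("*.")) {
            return certName.equals(host);
        }
        String suffix = certName.substring(1); // "*.example.com" -> ".example.com"
        int firstDot = host.indexOf('.');
        return firstDot > 0 && host.substring(firstDot).equals(suffix);
    }
}
```

The class name is what setHostnameVerifier(String classname) expects; the verifier only takes effect while HostnameVerificationIgnored is false.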
public String getIdentityAndTrustLocations()
Indicates where SSL should find the server's identity (certificate and private key) as well as the server's trust (trusted CAs).
If set to KEYSTORES, then SSL retrieves the identity and trust from the server's keystores (that are configured on the Server).
If set to FILES_OR_KEYSTORE_PROVIDERS, then SSL first looks in the deprecated KeyStore providers for the identity and trust. If not found, then it looks in the flat files indicated by the SSL Trusted CA File Name, Server Certificate File Name, and Server Key File Name attributes.
Domains created in WebLogic Server version 8.1 or later default to KEYSTORES. Domains created before WebLogic Server version 8.1 default to FILES_OR_KEYSTORE_PROVIDERS.
public String getInboundCertificateValidation()
Indicates the client certificate validation rules for inbound SSL.
This attribute only applies to ports and network channels using 2-way SSL.
public int getListenPort()
The TCP/IP port at which this server listens for SSL connection requests.
See also: isEnabled(), ServerMBean.getListenPort(), ServerMBean.getAdministrationPort(), NetworkAccessPointMBean.getListenPort()
public int getLoginTimeoutMillis()
Specifies the number of milliseconds that WebLogic Server waits for an SSL connection before timing out. SSL connections take longer to negotiate than regular connections.
If clients are connecting over the Internet, raise the default number to accommodate additional network latency. A value of 0 disables the attribute.
See also: ServerMBean.getLoginTimeoutMillis(), NetworkChannelMBean.getLoginTimeoutMillisSSL()
public String getOutboundCertificateValidation()
Indicates the server certificate validation rules for outbound SSL.
This attribute always applies to outbound SSL that is part of WebLogic Server (that is, an Administration Server talking to the Node Manager). It does not apply to application code in the server that is using outbound SSL unless the application code uses a weblogic.security.SSL.ServerTrustManager that is configured to use outbound SSL validation.
public int getPeerValidationEnforced()
public String getServerCertificateChainFileName()
The full directory location and name of the file containing an ordered list of certificate authorities trusted by WebLogic Server.
The .pem file extension indicates the method that should be used to read the file. Note that as of WebLogic Server version 7.0, the digital certificate for WebLogic Server should not be stored in a file.
public String getServerCertificateFileName()
The full directory location of the digital certificate file (.der or .pem) for the server.
The pathname should either be absolute or relative to the directory from which the server is booted. This field provides backward compatibility for security configurations that stored digital certificates in files.
The file extension (.der or .pem) tells WebLogic Server how to read the contents of the file.
public String getServerKeyFileName()
The full directory location of the private key file (.der or .pem) for the server.
The pathname should either be absolute or relative to the directory from which the server is booted. This field provides backward compatibility for security configurations that store private keys in files. For a more secure deployment, BEA recommends saving private keys in keystores.
The file extension (.der or .pem) indicates the method that should be used to read the file.
public String getServerPrivateKeyAlias()
The string alias used to store and retrieve the server's private key in the keystore. This private key is associated with the server's digital certificate.
public String getServerPrivateKeyPassPhrase()
The passphrase used to retrieve the server's private key from the keystore. This passphrase is assigned to the private key when it is generated.
public byte[] getServerPrivateKeyPassPhraseEncrypted()
The encrypted passphrase used to retrieve the server's private key from the keystore. This passphrase is assigned to the private key when it is generated.
To set this attribute, pass an unencrypted string to the MBean server's setAttribute method. WebLogic Server encrypts the value and sets the attribute to the encrypted value.
To compare a password that a user enters with the encrypted value of this attribute, go to the same WebLogic Server instance that you used to set and encrypt this attribute and use weblogic.management.EncryptionHelper.encrypt() to encrypt the user-supplied password. Then compare the encrypted values.
public String getTrustedCAFileName()
The full directory location of the file that specifies the certificate authorities trusted by the server.
The pathname should either be absolute or relative to the directory from which the server is booted. This field provides backward compatibility for security configurations that store trusted certificate authorities in files.
The file specified in this attribute can contain a single digital certificate or multiple digital certificates. The file extension (.der or .pem) tells WebLogic Server how to read the contents of the file.
public boolean isClientCertificateEnforced()
Indicates whether or not clients must present digital certificates from a trusted certificate authority to WebLogic Server.
public boolean isEnabled()
Indicates whether the server can be reached through the default SSL listen port.
If the administration port is enabled for the WebLogic Server domain, then administrative traffic travels over the administration port and application traffic travels over the Listen Port and SSL Listen Port. If the administration port is disabled, then all traffic travels over the Listen Port and SSL Listen Port.
public boolean isHostnameVerificationIgnored()
Specifies whether to ignore the installed implementation of the weblogic.security.SSL.HostnameVerifier interface (when this server is acting as a client to another application server).
public boolean isSSLRejectionLoggingEnabled()
Indicates whether warning messages are logged in the server log when SSL connections are rejected.
public boolean isTwoWaySSLEnabled()
The form of SSL that should be used.
By default, WebLogic Server is configured to use one-way SSL (implied by the Client Certs Not Requested value). Selecting Client Certs Requested But Not Enforced enables two-way SSL. With this option, the server requests a certificate from the client, but the connection continues if the client does not present a certificate. Selecting Client Certs Requested And Enforced also enables two-way SSL and requires a client to present a certificate. However, if a certificate is not presented, the SSL connection is terminated.
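The following added example (not from this page and not WebLogic's own code) pulls together the checks a reviewer would run against the attributes documented here: the cipher suite list under getCiphersuites(), HostnameVerificationIgnored, the two-way SSL modes just described, LoginTimeoutMillis and IdentityAndTrustLocations. The audit runs on a plain snapshot object constructed in main(); the fetch() method shows how the same values are read with the javax.management.MBeanServerConnection pattern the page recommends over MBeanHome. It assumes that the JMX attribute names are the page's getter names without their get/is prefix and that the caller already holds a connection and the SSL MBean's ObjectName.

```java
import java.util.ArrayList;
import java.util.List;
import javax.management.MBeanServerConnection;
import javax.management.ObjectName;

public final class SslConfigAudit {

    /** Substrings that mark a suite from the page's list as weak: NULL ciphers, export grades, anonymous DH, single DES, RC4, MD5. */
    private static final String[] WEAK_MARKERS = { "_NULL", "_EXPORT", "_anon", "_DES_", "_RC4_", "_MD5" };

    /** Plain snapshot of the attributes under review (constructed for this example, not a WebLogic type). */
    public static final class SslSnapshot {
        String[] ciphersuites = new String[0];
        boolean hostnameVerificationIgnored;
        boolean twoWaySslEnabled;
        boolean clientCertificateEnforced;
        int loginTimeoutMillis;
        String identityAndTrustLocations = "";
    }

    /** Suites from the configured list that match one of the weak markers. */
    public static List<String> weakSuites(String[] suites) {
        List<String> weak = new ArrayList<>();
        for (String suite : suites) {
            for (String marker : WEAK_MARKERS) {
                if (suite.contains(marker)) {
                    weak.add(suite);
                    break;
                }
            }
        }
        return weak;
    }

    /** One finding per risky setting, each phrased in terms of the attribute it comes from. */
    public static List<String> findings(SslSnapshot s) {
        List<String> out = new ArrayList<>();
        for (String suite : weakSuites(s.ciphersuites)) {
            out.add("weak cipher suite enabled: " + suite);
        }
        if (s.hostnameVerificationIgnored) {
            out.add("HostnameVerificationIgnored=true: outbound SSL from this server skips the HostnameVerifier check");
        }
        if (s.twoWaySslEnabled && !s.clientCertificateEnforced) {
            out.add("two-way SSL requested but not enforced: connections continue without a client certificate");
        }
        if (s.loginTimeoutMillis == 0) {
            out.add("LoginTimeoutMillis=0: SSL handshake timeout disabled");
        }
        if ("FILES_OR_KEYSTORE_PROVIDERS".equals(s.identityAndTrustLocations)) {
            out.add("IdentityAndTrustLocations=FILES_OR_KEYSTORE_PROVIDERS: identity/trust read from deprecated providers or flat files");
        }
        return out;
    }

    /** Reads the same attributes over JMX. Assumption: attribute names are the page's getter names minus their get/is prefix. */
    public static SslSnapshot fetch(MBeanServerConnection conn, ObjectName sslMBean) throws Exception {
        SslSnapshot s = new SslSnapshot();
        String[] suites = (String[]) conn.getAttribute(sslMBean, "Ciphersuites");
        s.ciphersuites = suites == null ? new String[0] : suites;
        s.hostnameVerificationIgnored = (Boolean) conn.getAttribute(sslMBean, "HostnameVerificationIgnored");
        s.twoWaySslEnabled = (Boolean) conn.getAttribute(sslMBean, "TwoWaySSLEnabled");
        s.clientCertificateEnforced = (Boolean) conn.getAttribute(sslMBean, "ClientCertificateEnforced");
        s.loginTimeoutMillis = (Integer) conn.getAttribute(sslMBean, "LoginTimeoutMillis");
        s.identityAndTrustLocations = (String) conn.getAttribute(sslMBean, "IdentityAndTrustLocations");
        return s;
    }

    public static void main(String[] args) {
        // Constructed sample: the page's default suite, one AES suite and one anonymous suite,
        // with the weaker option chosen for every other attribute
        SslSnapshot s = new SslSnapshot();
        s.ciphersuites = new String[] {
            "TLS_RSA_EXPORT_WITH_RC4_40_MD5", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" };
        s.hostnameVerificationIgnored = true;
        s.twoWaySslEnabled = true;
        s.clientCertificateEnforced = false;
        s.loginTimeoutMillis = 0;
        s.identityAndTrustLocations = "FILES_OR_KEYSTORE_PROVIDERS";
        for (String f : findings(s)) {
            System.out.println("FINDING: " + f);
        }
    }
}
```

With the constructed sample the export and anonymous suites are reported and the AES suite is not, followed by one finding for each of the four remaining settings.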
public void setCertAuthenticator(String classname) throws InvalidAttributeValueException
Sets the value of the CertAuthenticator attribute.
Parameters: classname - The new certAuthenticator value
Throws: InvalidAttributeValueException
See also: getCertAuthenticator()

public void setCiphersuites(String[] ciphers) throws InvalidAttributeValueException
Sets the value of the Ciphersuites attribute.
Parameters: ciphers - The new ciphersuites value
Throws: InvalidAttributeValueException - if the array is null or contains null elements.
See also: getCiphersuites()

public void setClientCertificateEnforced(boolean enforce)
Sets the value of the ClientCertificateEnforced attribute.
Parameters: enforce - The new clientCertificateEnforced value
See also: isClientCertificateEnforced()

public void setEnabled(boolean enable) throws InvalidAttributeValueException
Parameters: enable - The new enabled value
Throws: InvalidAttributeValueException
See also: isEnabled()

public void setExportKeyLifespan(int lifespan) throws InvalidAttributeValueException
Sets the value of the ExportKeyLifespan attribute.
Parameters: lifespan - The new exportKeyLifespan value
Throws: InvalidAttributeValueException
See also: getExportKeyLifespan()

public void setHostnameVerificationIgnored(boolean ignoreFlag) throws InvalidAttributeValueException
Sets the value of the HostnameVerificationIgnored attribute.
Parameters: ignoreFlag - The new hostnameVerificationIgnored value
Throws: InvalidAttributeValueException
See also: isHostnameVerificationIgnored()

public void setHostnameVerifier(String classname) throws InvalidAttributeValueException
Sets the value of the HostnameVerifier attribute.
Parameters: classname - The new hostnameVerifier value
Throws: InvalidAttributeValueException
See also: getHostnameVerifier()

public void setIdentityAndTrustLocations(String locations)
Sets the value of the IdentityAndTrustLocations attribute.
Parameters: locations - The new identityAndTrustLocations value
See also: getIdentityAndTrustLocations()

public void setInboundCertificateValidation(String validationStyle)
Sets the value of the InboundCertificateValidation attribute.
Parameters: validationStyle - the new validation style
See also: getInboundCertificateValidation()

public void setListenPort(int port)
Sets the value of the ListenPort attribute.
Parameters: port - The new listenPort value
See also: getListenPort()

public void setLoginTimeoutMillis(int millis)
Sets the value of the LoginTimeoutMillis attribute.
Parameters: millis - The new loginTimeoutMillis value
See also: getLoginTimeoutMillis()

public void setOutboundCertificateValidation(String validationStyle)
Sets the value of the OutboundCertificateValidation attribute.
Parameters: validationStyle - the new validation style
See also: getOutboundCertificateValidation()

public void setPeerValidationEnforced(int checkLevel) throws InvalidAttributeValueException
Sets the value of the PeerValidationEnforced attribute.
Parameters: checkLevel - The new peerValidationEnforced value
Throws: InvalidAttributeValueException
See also: getPeerValidationEnforced()

public void setServerCertificateChainFileName(String fileName)
Sets the value of the ServerCertificateChainFileName attribute.
Parameters: fileName - The new serverCertificateChainFileName value
See also: getServerCertificateChainFileName()

public void setServerCertificateFileName(String fileName)
Sets the value of the ServerCertificateFileName attribute.
Parameters: fileName - The new serverCertificateFileName value
See also: getServerCertificateFileName()

public void setServerKeyFileName(String fileName)
Sets the value of the ServerKeyFileName attribute.
Parameters: fileName - The new serverKeyFileName value
See also: getServerKeyFileName()

public void setServerPrivateKeyAlias(String alias)
Sets the value of the ServerPrivateKeyAlias attribute.
Parameters: alias - The new serverPrivateKeyAlias value
See also: getServerPrivateKeyAlias()
public void setServerPrivateKeyPassPhrase(String phrase)
Sets the value of the ServerPrivateKeyPassPhrase attribute.
As of 8.1 sp4, when you get the value of this attribute, WebLogic Server does the following: it retrieves and decrypts the value of the ServerPrivateKeyPassPhraseEncrypted attribute.
When you set the value of this attribute, WebLogic Server does the following: it encrypts the value and sets the ServerPrivateKeyPassPhraseEncrypted attribute to the encrypted value.
Using this attribute (ServerPrivateKeyPassPhrase) is a potential security risk because the String object (which contains the unencrypted passphrase) remains in the JVM's memory until garbage collection removes it. Depending on how memory is allocated in the JVM, a significant amount of time could pass before this unencrypted data is removed from memory.
Instead of using this attribute, use getServerPrivateKeyPassPhraseEncrypted.
Parameters: phrase - The new serverPrivateKeyPassPhrase value
See also: getServerPrivateKeyPassPhrase(), setServerPrivateKeyPassPhraseEncrypted(byte[])
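An added example (not from this page and not WebLogic's own code) of the comparison that getServerPrivateKeyPassPhraseEncrypted() prescribes: encrypt the user-supplied passphrase on the same server instance and compare the two encrypted values. The encryption step is injected as a function so the code runs offline; on a server it would be the weblogic.management.EncryptionHelper.encrypt() named on the page, whose parameter type is assumed here to be char[]. The passphrase is handled as a char[] that is wiped after use, which is the alternative to the lingering-String problem described above, and the comparison is constant-time. The demoEncrypt() stand-in is constructed for the example and is not WebLogic's scheme.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.function.Function;

public final class PassphraseCheck {

    /**
     * Returns true when encryptor(entered) equals storedEncrypted.
     * encryptor stands in for weblogic.management.EncryptionHelper.encrypt()
     * (assumed signature: byte[] encrypt(char[])) run on the same server instance
     * that produced storedEncrypted. The caller's char[] is zeroed before returning
     * so the clear-text passphrase does not linger in memory.
     */
    public static boolean matches(char[] entered, byte[] storedEncrypted, Function<char[], byte[]> encryptor) {
        if (entered == null || storedEncrypted == null) {
            return false;
        }
        byte[] candidate = null;
        try {
            candidate = encryptor.apply(entered);
            // constant-time comparison: no early exit on the first differing byte
            return candidate != null && MessageDigest.isEqual(candidate, storedEncrypted);
        } finally {
            if (candidate != null) {
                Arrays.fill(candidate, (byte) 0);
            }
            Arrays.fill(entered, '\0');
        }
    }

    /** Constructed stand-in for the server's encryption so the example runs offline: SHA-256 of the UTF-8 text. */
    static byte[] demoEncrypt(char[] passphrase) {
        ByteBuffer encoded = StandardCharsets.UTF_8.encode(CharBuffer.wrap(passphrase));
        byte[] raw = new byte[encoded.remaining()];
        encoded.get(raw);
        try {
            return MessageDigest.getInstance("SHA-256").digest(raw);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        } finally {
            Arrays.fill(raw, (byte) 0);
            if (encoded.hasArray()) {
                Arrays.fill(encoded.array(), (byte) 0);
            }
        }
    }

    public static void main(String[] args) {
        // Constructed stored value, standing in for what the server kept when the attribute was set
        byte[] stored = demoEncrypt("correct horse battery staple".toCharArray());

        char[] attempt1 = "correct horse battery staple".toCharArray();
        char[] attempt2 = "wrong passphrase".toCharArray();
        System.out.println("match:    " + matches(attempt1, stored, PassphraseCheck::demoEncrypt));
        System.out.println("mismatch: " + matches(attempt2, stored, PassphraseCheck::demoEncrypt));
        System.out.println("wiped:    " + Arrays.equals(attempt1, new char[attempt1.length]));
    }
}
```

The first comparison succeeds, the second fails, and the third line confirms that the entered buffer was zeroed by matches() regardless of outcome.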
public void setServerPrivateKeyPassPhraseEncrypted(byte[] phraseEncrypted)
Sets the value of the ServerPrivateKeyPassPhrase attribute.
Parameters: phraseEncrypted - The new encrypted serverPrivateKeyPassPhrase value
See also: setServerPrivateKeyPassPhraseEncrypted()

public void setSSLRejectionLoggingEnabled(boolean enabled)
Sets the value of the SSLRejectionLoggingEnabled attribute.
Parameters: enabled - The new sSLRejectionLoggingEnabled value
See also: isSSLRejectionLoggingEnabled()

public void setTrustedCAFileName(String fileName) throws InvalidAttributeValueException
Sets the value of the TrustedCAFileName attribute.
Parameters: fileName - The new trustedCAFileName value
Throws: InvalidAttributeValueException
See also: getTrustedCAFileName()

public void setTwoWaySSLEnabled(boolean enabled)
Sets the value of the TwoWaySSLEnabled attribute.
Parameters: enabled - The new twoWaySSLEnabled value
See also: isTwoWaySSLEnabled()
Documentation is available at http://download.oracle.com/docs/cd/E13222_01/wls/docs90 Copyright 2005 BEA Systems Inc.