BEA Systems, Inc.

Type-Safe Access to BEA WebLogic Server 9.0 MBeans (Deprecated)

(Methods marked with @since 9.0.0.0 are not available through the deprecated MBeanHome interface.)


weblogic.management.security.authentication
Interface UserLockoutManagerMBean

All Superinterfaces:
weblogic.descriptor.DescriptorBean, weblogic.descriptor.SettableBean, weblogic.management.commo.StandardInterface

public interface UserLockoutManagerMBean
extends weblogic.management.commo.StandardInterface, weblogic.descriptor.DescriptorBean

Lists and manages lockouts on user accounts.

Deprecation of MBeanHome and Type-Safe Interfaces

In addition to being used as a base class that provides functionality to security provider MBeans, JMX applications can use this class directly as a type-safe interface. When used as a type-safe interface, a JMX application imports this class and accesses it through weblogic.management.MBeanHome. As of 9.0, the MBeanHome interface and all type-safe interfaces for WebLogic Server MBeans are deprecated. Instead, JMX applications that interact with WebLogic Server MBeans should use standard JMX design patterns in which clients use the javax.management.MBeanServerConnection interface to discover MBeans, attributes, and attribute types at runtime. For more information, see "Developing Manageable Applications with JMX" on http://www.oracle.com/technology/documentation/index.html.

The methods to manage currently locked out users and to get lockout statistics have been deprecated in 9.0.0.0 and moved to ServerRuntime.getServerSecurityRuntime().getDefaultRealmRuntime().getUserLocoutManagerRuntime().

Copyright © 2005 BEA Systems, Inc. All Rights Reserved.

Method Summary
 void clearLockout(String userName)
          Deprecated. 9.0.0.0 Replaced by ServerSecurityRuntimeMBean.clearLockout(String)
 long getInvalidLoginAttemptsTotalCount()
          Deprecated. 9.0.0.0 Replaced by ServerSecurityRuntimeMBean.getInvalidLoginAttemptsTotalCount()
 long getInvalidLoginUsersHighCount()
          Deprecated. 9.0.0.0 Replaced by ServerSecurityRuntimeMBean.getInvalidLoginUsersHighCount()
 long getLastLoginFailure(String userName)
          Deprecated. 9.0.0.0 Replaced by ServerSecurityRuntimeMBean.getLastLoginFailure(String)
 long getLockedUsersCurrentCount()
          Deprecated. 9.0.0.0 Replaced by ServerSecurityRuntimeMBean.getLockedUsersCurrentCount()
 long getLockoutCacheSize()
          Returns the number of invalid login records that the server places in a cache.
 long getLockoutDuration()
          Returns the number of minutes that a user account is locked out.
 long getLockoutGCThreshold()
          Returns the maximum number of invalid login records that the server keeps in memory.
 long getLockoutResetDuration()
          The number of minutes within which consecutive invalid login attempts cause the user account to be locked out.
 long getLockoutThreshold()
          Returns the maximum number of consecutive invalid login attempts before account is locked out.
 long getLoginAttemptsWhileLockedTotalCount()
          Deprecated. 9.0.0.0 Replaced by ServerSecurityRuntimeMBean.getLoginAttemptsWhileLockedTotalCount()
 long getLoginFailureCount(String userName)
          Deprecated. 9.0.0.0 Replaced by ServerSecurityRuntimeMBean.getLoginFailureCount(String)
 String getName()
          The name of this configuration.
 RealmMBean getRealm()
          Returns the realm that contains this user lockout manager.
 long getUnlockedUsersTotalCount()
          Deprecated. 9.0.0.0 Replaced by ServerSecurityRuntimeMBean.getUnlockedUsersTotalCount()
 long getUserLockoutTotalCount()
          Deprecated. 9.0.0.0 Replaced by ServerSecurityRuntimeMBean.getUserLockoutTotalCount()
 boolean isLockedOut(String userName)
          Deprecated. 9.0.0.0 Replaced by ServerSecurityRuntimeMBean.isLockedOut(String)
 boolean isLockoutEnabled()
          Returns whether the server locks out users when there are invalid login attempts.
 void setLockoutCacheSize(long lockoutCacheSize)
          Sets the number of invalid login records that the server places in a cache.
 void setLockoutDuration(long lockoutDuration)
          Sets the number of minutes that a user account is locked out.
 void setLockoutEnabled(boolean lockoutEnabled)
          Sets whether the server locks out users when there are invalid login attempts.
 void setLockoutGCThreshold(long lockoutGCThreshold)
          Sets the maximum number of invalid login records that the server keeps in memory.
 void setLockoutResetDuration(long newValue)
          The number of minutes within which consecutive invalid login attempts cause the user account to be locked out.
 void setLockoutThreshold(long lockoutThreshold)
          Sets the maximum number of consecutive invalid login attempts before account is locked out.
 
Methods inherited from interface weblogic.management.commo.StandardInterface
setName, wls_getDisplayName, wls_getInterfaceClassName, wls_getObjectName
 
Methods inherited from interface weblogic.descriptor.DescriptorBean
addBeanUpdateListener, addPropertyChangeListener, createChildCopy, createChildCopyIncludingObsolete, getDescriptor, getParentBean, isEditable, removeBeanUpdateListener, removePropertyChangeListener
 
Methods inherited from interface weblogic.descriptor.SettableBean
isSet, unSet
 

Method Detail

clearLockout

public void clearLockout(String userName)
Deprecated. 9.0.0.0 Replaced by ServerSecurityRuntimeMBean.clearLockout(String)

Unlocks a user account.

Parameters:
userName - - A user name. If the user does not exist, this method returns false.

getInvalidLoginAttemptsTotalCount

public long getInvalidLoginAttemptsTotalCount()
Deprecated. 9.0.0.0 Replaced by ServerSecurityRuntimeMBean.getInvalidLoginAttemptsTotalCount()

Returns the number of invalid logins attempted since this server has been started and lockouts have been enabled. In a cluster, this method returns the number of invalid logins attempted that have occured since the cluster has been started because all servers share login failure information.


getInvalidLoginUsersHighCount

public long getInvalidLoginUsersHighCount()
Deprecated. 9.0.0.0 Replaced by ServerSecurityRuntimeMBean.getInvalidLoginUsersHighCount()

Returns the highest number of users with concurrent unexpired or uncleared invalid login attempts. Invalid login attempts expire as specified by LockoutResetDuration. This count is useful in determining whether the LockoutCacheSize needs to be modified.


getLastLoginFailure

public long getLastLoginFailure(String userName)
Deprecated. 9.0.0.0 Replaced by ServerSecurityRuntimeMBean.getLastLoginFailure(String)

Returns a string that indicates the time of the last invalid login for this user.

Parameters:
userName - - A user name. If the user does not exist, this method returns false.

getLockedUsersCurrentCount

public long getLockedUsersCurrentCount()
Deprecated. 9.0.0.0 Replaced by ServerSecurityRuntimeMBean.getLockedUsersCurrentCount()

Returns the number of users that are currently locked out of this server.


getLockoutCacheSize

public long getLockoutCacheSize()
Returns the number of invalid login records that the server places in a cache. The server creates one record for each invalid login.

Default value:
5
Minimum value:
0
A dynamic MBean attribute.
false

getLockoutDuration

public long getLockoutDuration()
Returns the number of minutes that a user account is locked out.

Default value:
30
Minimum value:
0
A dynamic MBean attribute.
false

getLockoutGCThreshold

public long getLockoutGCThreshold()
Returns the maximum number of invalid login records that the server keeps in memory. If the number of invalid login records is equal to or greater than this value, the server's garbage collection purges the records that have expired. A record expires when the user associated with the record has been locked out.

The lower the threshold, the more often the server uses its resources to collect garbage.

Default value:
400
Minimum value:
0
A dynamic MBean attribute.
false

getLockoutResetDuration

public long getLockoutResetDuration()
The number of minutes within which consecutive invalid login attempts cause the user account to be locked out.

Default value:
5
Minimum value:
1
A dynamic MBean attribute.
false

getLockoutThreshold

public long getLockoutThreshold()
Returns the maximum number of consecutive invalid login attempts before account is locked out. When the number of invalid logins within a specified period of time is greater than LockoutThresholdvalue, the user is locked out. For example, with the default setting of 1, the user is locked out on the second consecutive invalid login. With a setting of 2, the user is locked out on the third consecutive invalid login.

Default value:
5
Minimum value:
1
A dynamic MBean attribute.
false

getLoginAttemptsWhileLockedTotalCount

public long getLoginAttemptsWhileLockedTotalCount()
Deprecated. 9.0.0.0 Replaced by ServerSecurityRuntimeMBean.getLoginAttemptsWhileLockedTotalCount()

Returns the number of invalid logins attempted since this server has been started and lockouts have been enabled.


getLoginFailureCount

public long getLoginFailureCount(String userName)
Deprecated. 9.0.0.0 Replaced by ServerSecurityRuntimeMBean.getLoginFailureCount(String)

Returns the current count of login failures for a specific user. This value returns to

Parameters:
userName - - A user name. If the user does not exist, this method returns false.

getName

public String getName()
The name of this configuration. WebLogic Server uses an MBean to implement and persist the configuration.

Specified by:
getName in interface weblogic.management.commo.StandardInterface
Default value:
"UserLockoutManager"
A dynamic MBean attribute.
false

getRealm

public RealmMBean getRealm()
Returns the realm that contains this user lockout manager. Returns null if this security provider is not contained by a realm.

A dynamic MBean attribute.
false

getUnlockedUsersTotalCount

public long getUnlockedUsersTotalCount()
Deprecated. 9.0.0.0 Replaced by ServerSecurityRuntimeMBean.getUnlockedUsersTotalCount()

Returns the number times users have been unlocked since this server has been started.


getUserLockoutTotalCount

public long getUserLockoutTotalCount()
Deprecated. 9.0.0.0 Replaced by ServerSecurityRuntimeMBean.getUserLockoutTotalCount()

Returns the number of user lockouts that have occured since this server has been started. In a cluster, this method returns the number of user lockouts that have occured since the cluster has been started because all servers share login failure information.


isLockedOut

public boolean isLockedOut(String userName)
Deprecated. 9.0.0.0 Replaced by ServerSecurityRuntimeMBean.isLockedOut(String)

Indicates whether a user is locked out.

Parameters:
userName - - A user name. If the user does not exist, this method returns false.

isLockoutEnabled

public boolean isLockoutEnabled()
Returns whether the server locks out users when there are invalid login attempts. A true value for this attribute causes the server to consider the other attributes of this MBean. A false value causes the server to ignore the other attributes of this MBean."

Default value:
true
A dynamic MBean attribute.
false

setLockoutCacheSize

public void setLockoutCacheSize(long lockoutCacheSize)
                         throws InvalidAttributeValueException
Sets the number of invalid login records that the server places in a cache.

Parameters:
lockoutCacheSize - - the new lockout cache size
Throws:
InvalidAttributeValueException
See Also:
getLockoutCacheSize()

setLockoutDuration

public void setLockoutDuration(long lockoutDuration)
                        throws InvalidAttributeValueException
Sets the number of minutes that a user account is locked out.

Parameters:
lockoutDuration - - the new lockout duration in minutes
Throws:
InvalidAttributeValueException
See Also:
getLockoutDuration()

setLockoutEnabled

public void setLockoutEnabled(boolean lockoutEnabled)
                       throws InvalidAttributeValueException
Sets whether the server locks out users when there are invalid login attempts.

Parameters:
lockoutEnabled - - the new lockout enabled value
Throws:
InvalidAttributeValueException
See Also:
isLockoutEnabled()

setLockoutGCThreshold

public void setLockoutGCThreshold(long lockoutGCThreshold)
                           throws InvalidAttributeValueException
Sets the maximum number of invalid login records that the server keeps in memory.

Parameters:
lockoutGCThreshold - - the new lockout garbage collection threshold
Throws:
InvalidAttributeValueException
See Also:
getLockoutGCThreshold()

setLockoutResetDuration

public void setLockoutResetDuration(long newValue)
                             throws InvalidAttributeValueException
The number of minutes within which consecutive invalid login attempts cause the user account to be locked out.

Parameters:
newValue - - new value for attribute LockoutResetDuration
Throws:
InvalidAttributeValueException
See Also:
getLockoutResetDuration()

setLockoutThreshold

public void setLockoutThreshold(long lockoutThreshold)
                         throws InvalidAttributeValueException
Sets the maximum number of consecutive invalid login attempts before account is locked out.

Parameters:
lockoutThreshold - - the new lockout threshold
Throws:
InvalidAttributeValueException
See Also:
getLockoutThreshold()

Documentation is available at
http://download.oracle.com/docs/cd/E13222_01/wls/docs90
Copyright 2005 BEA Systems Inc.