RealmMBean



Overview

The MBean that represents configuration attributes for the security realm.

A security realm contains a set of security configuration settings, including the list of security providers to use (for example, for authentication and authorization).

Code using security can either use the default security realm for the domain or refer to a particular security realm by name (by using the JMX display name of the security realm).

One security realm in the WebLogic domain must have the DefaultRealm attribute set to true. The security realm with the DefaultRealm attribute set to true is used as the default security realm for the WebLogic domain. Note that other available security realms must have the DefaultRealm attribute set to false.

When WebLogic Server boots, it locates and uses the default security realm. The security realm is considered active since it is used when WebLogic Server runs. Any security realm that is not used when WebLogic Server runs is considered inactive. All active security realms must be configured before WebLogic Server boots.

Since security providers are scoped by realm, the Realm attribute on a security provider must be set to the realm that uses the provider.

       
Fully Qualified Interface Name: If you use the getMBeanInfo operation in MBeanTypeServiceMBean, supply the following value as this MBean's fully qualified interface name:
weblogic.management.security.RealmMBean
Factory Methods
Additional Access Points: In addition to accessing this MBean by invoking a factory method, you can also access this MBean from the following MBean attributes:
Deprecated Factory Methods and Access Points


    Related MBeans

    This section describes attributes that provide access to other MBeans. For more information about the MBean hierarchy, refer to WebLogic Server MBean Data Model.


    Adjudicator

    Returns the Adjudication provider for this security realm.

           
    Factory Methods: createAdjudicator (java.lang.String type)

    destroyAdjudicator ()

    Factory methods do not return objects.

    See Using factory methods.

    Privileges: Read only
    Type: AdjudicatorMBean
    Relationship type: Containment.

    Auditors

    Returns the Auditing providers for this security realm (in invocation order).

               
    Factory Methods: createAuditor (java.lang.String type)

    destroyAuditor (AuditorMBean auditor)

    Factory methods do not return objects.

    See Using factory methods.

    Lookup Operation: lookupAuditor(String name)

    Returns a javax.management.ObjectName for the instance of AuditorMBean named name.

    Privileges: Read/Write
    Type: AuditorMBean[]
    Relationship type: Containment.
    Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.

    AuthenticationProviders

    Returns the Authentication providers for this security realm (in invocation order).

               
    Factory Methods: createAuthenticationProvider (java.lang.String type)

    destroyAuthenticationProvider (AuthenticationProviderMBean authenticationProvider)

    Factory methods do not return objects.

    See Using factory methods.

    Lookup Operation: lookupAuthenticationProvider(String name)

    Returns a javax.management.ObjectName for the instance of AuthenticationProviderMBean named name.

    Privileges: Read/Write
    Type: AuthenticationProviderMBean[]
    Relationship type: Containment.
    Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.

    Authorizers

    Returns the Authorization providers for this security realm (in invocation order).

               
    Factory Methods: createAuthorizer (java.lang.String type)

    destroyAuthorizer (AuthorizerMBean authorizer)

    Factory methods do not return objects.

    See Using factory methods.

    Lookup Operation: lookupAuthorizer(String name)

    Returns a javax.management.ObjectName for the instance of AuthorizerMBean named name.

    Privileges: Read/Write
    Type: AuthorizerMBean[]
    Relationship type: Containment.
    Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.

    CertPathBuilder

    Returns the CertPath Builder provider in this security realm that will be used by the security system to build certification paths. Returns null if none has been selected. The provider will be one of this security realm's CertPathProviders.

           
    Privileges: Read/Write
    Type: CertPathBuilderMBean
    Relationship type: Reference.
    Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.

    CertPathProviders

    Returns the Certification Path providers for this security realm (in invocation order).

               
    Factory Methods: createCertPathProvider (java.lang.String name)

    destroyCertPathProvider (CertPathProviderMBean certPathProvider)

    Factory methods do not return objects.

    See Using factory methods.

    Lookup Operation: lookupCertPathProvider(String name)

    Returns a javax.management.ObjectName for the instance of CertPathProviderMBean named name.

    Privileges: Read/Write
    Type: CertPathProviderMBean[]
    Relationship type: Containment.
    Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.

    CredentialMappers

    Returns the Credential Mapping providers for this security realm (in invocation order).

               
    Factory Methods: createCredentialMapper (java.lang.String type)

    destroyCredentialMapper (CredentialMapperMBean credentialMapper)

    Factory methods do not return objects.

    See Using factory methods.

    Lookup Operation: lookupCredentialMapper(String name)

    Returns a javax.management.ObjectName for the instance of CredentialMapperMBean named name.

    Privileges: Read/Write
    Type: CredentialMapperMBean[]
    Relationship type: Containment.
    Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.

    KeyStores

    Returns the KeyStore providers for this security realm (in invocation order).

    Deprecated. 8.1.0.0

               
    Factory Methods: createKeyStore (java.lang.String name)

    destroyKeyStore (KeyStoreMBean keystore)

    Factory methods do not return objects.

    See Using factory methods.

    Lookup Operation: lookupKeyStore(String name)

    Returns a javax.management.ObjectName for the instance of KeyStoreMBean named name.

    Privileges: Read/Write
    Type: KeyStoreMBean[]
    Relationship type: Containment.
    Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.

    RoleMappers

    Returns the Role Mapping providers for this security realm (in invocation order).

               
    Factory Methods: createRoleMapper (java.lang.String type)

    destroyRoleMapper (RoleMapperMBean roleMapper)

    Factory methods do not return objects.

    See Using factory methods.

    Lookup Operation: lookupRoleMapper(String name)

    Returns a javax.management.ObjectName for the instance of RoleMapperMBean named name.

    Privileges: Read/Write
    Type: RoleMapperMBean[]
    Relationship type: Containment.
    Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.

    UserLockoutManager

    Returns the User Lockout Manager for this security realm.

           
    Factory Methods: No explicit creator method. The child shares the lifecycle of its parent.
    Privileges: Read only
    Type: UserLockoutManagerMBean
    Relationship type: Containment.


    Attributes

    This section describes the following attributes:


    AdjudicatorTypes

    Returns the types of Adjudication providers that may be created in this security realm, for example, weblogic.security.providers.authorization.DefaultAdjudicator. Use this method to find the available types to pass to createAdjudicator.

    Privileges: Read only
    Type: class java.lang.String[]
    Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.

    AuditorTypes

    Returns the types of Auditing providers that may be created in this security realm, for example, weblogic.security.providers.audit.DefaultAuditor. Use this method to find the available types to pass to createAuditor.

    Privileges: Read only
    Type: class java.lang.String[]
    Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.

    AuthenticationProviderTypes

    Returns the types of Authentication providers that may be created in this security realm, for example, weblogic.security.providers.authentication.DefaultAuthenticator. Use this method to find the available types to pass to createAuthenticationProvider.

    Privileges: Read only
    Type: class java.lang.String[]
    Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.

    AuthorizerTypes

    Returns the types of Authorization providers that may be created in this security realm, for example, weblogic.security.providers.authorization.DefaultAuthorizer. Use this method to find the available types to pass to createAuthorizer.

    Privileges: Read only
    Type: class java.lang.String[]
    Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.

    CertPathProviderTypes

    Returns the types of Certification Path providers that may be created in this security realm, for example, weblogic.security.providers.pk.WebLogicCertPathProvider. Use this method to find the available types to pass to createCertPathProvider.

    Privileges: Read only
    Type: class java.lang.String[]
    Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.

    CombinedRoleMappingEnabled

    Determines how the role mappings in the Enterprise Application, Web application, and EJB containers interact. This setting is valid only for Web applications and EJBs that use the Advanced security model and that initialize roles from deployment descriptors.

    When enabled:

    When disabled:

    Note:

    For all applications previously deployed in version 8.1 and upgraded to version 9.x, the combining role mapping is disabled by default.

           
    Available Since: Release 9.0.0.0
    Privileges: Read/Write
    Type: boolean
    Default Value: true

    CredentialMapperTypes

    Returns the types of Credential Mapping providers that may be created in this security realm, for example, weblogic.security.providers.credentials.DefaultCredentialMapper. Use this method to find the available types to pass to createCredentialMapper.

    Privileges: Read only
    Type: class java.lang.String[]
    Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.

    DefaultRealm

    Returns whether this security realm is the Default realm for the WebLogic domain. Deprecated in this release of WebLogic Server and replaced by weblogic.management.configuration.SecurityConfigurationMBean.getDefaultRealm.

    Deprecated. 9.0.0.0 Replaced by SecurityConfigurationMBean#getDefaultRealm()

           
    Privileges: Read/Write
    Type: boolean

    DeployCredentialMappingIgnored

    Returns whether credential mapping deployment calls on the security system are ignored or passed to the configured Credential Mapping providers.

    Deprecated. 9.0.0.0

           
    Privileges: Read/Write
    Type: boolean

    DeployPolicyIgnored

    Returns whether policy deployment calls on the security system are ignored or passed to the configured Authorization providers.

    Deprecated. 9.0.0.0

           
    Privileges: Read/Write
    Type: boolean

    DeployRoleIgnored

    Returns whether role deployment calls on the security system are ignored or passed to the configured Role Mapping providers.

    Deprecated. 9.0.0.0

           
    Privileges: Read/Write
    Type: boolean

    EnableWebLogicPrincipalValidatorCache

    Returns whether the WebLogic Principal Validator caching is enabled.

    The Principal Validator is used by BEA supplied authentication providers and may be used by custom authentication providers. If enabled, the default principal validator will cache WebLogic Principal signatures.

           
    Privileges: Read/Write
    Type: boolean
    Default Value: true

    FullyDelegateAuthorization

    Returns whether the Web and EJB containers should call the security framework on every access.

    If false, the containers are free to call the security framework only when security is set in the deployment descriptors.

    Deprecated. 9.0.0.0

           
    Privileges: Read/Write
    Type: boolean

    KeyStoreTypes

    Returns the types of KeyStore providers that may be created in this security realm, for example, weblogic.security.providers.pk.DefaultKeyStore. Use this method to find the available types to pass to createKeyStore.

    Deprecated. 8.1.0.0

    Privileges: Read only
    Type: class java.lang.String[]
    Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.

    MaxWebLogicPrincipalsInCache

    Returns the maximum size of the LRU cache for holding WebLogic Principal signatures. This value is only used if EnableWebLogicPrincipalValidatorCache is set to true.

    Privileges: Read/Write
    Type: java.lang.Integer
    Default Value: 500

    Name

    The name of this configuration. WebLogic Server uses an MBean to implement and persist the configuration.

           
    Privileges: Read only
    Type: java.lang.String
    Default Value: Realm
    Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.

    RoleMapperTypes

    Returns the types of Role Mapping providers that may be created in this security realm, for example, weblogic.security.providers.authorization.DefaultRoleMapper. Use this method to find the available types to pass to createRoleMapper.

    Privileges: Read only
    Type: class java.lang.String[]
    Redeploy or Restart required: Changes take effect after you redeploy the module or restart the server.

    SecurityDDModel

    Specifies the default security model for Web applications or EJBs that are secured by this security realm. You can override this default during deployment.

    Choose one of these security models:

    For more information, see:

           
    Privileges: Read/Write
    Type: java.lang.String
    Default Value: DDOnly
    Legal Values
    • DDOnly
    • CustomRoles
    • CustomRolesAndPolicies
    • Advanced

    ValidateDDSecurityData

    Returns whether security data in the deployment descriptor is validated. This setting establishes the default value for applications deployed using the realm.

           
    Privileges: Read/Write
    Type: boolean
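
The constraints stated in the overview and in the attribute descriptions above (one default realm per domain, the legal SecurityDDModel values, the deprecated deployment-ignore flags, providers scoped to their realm) can be checked offline against an exported attribute snapshot. This is an added example, not Oracle's code; the snapshot layout, the function name audit_realms and all sample values are assumptions.

```python
# Added example: offline check of RealmMBean attribute snapshots.
# The snapshot layout (list of dicts) and all sample values are constructed.
LEGAL_DD_MODELS = {"DDOnly", "CustomRoles", "CustomRolesAndPolicies", "Advanced"}
PROVIDER_LISTS = ("Auditors", "AuthenticationProviders", "Authorizers",
                  "CertPathProviders", "CredentialMappers", "RoleMappers")
DEPLOY_IGNORED = {"DeployCredentialMappingIgnored": "Credential Mapping",
                  "DeployPolicyIgnored": "Authorization",
                  "DeployRoleIgnored": "Role Mapping"}

def audit_realms(realms):
    """Return (scope, message) findings for a list of realm attribute dicts."""
    findings = []
    defaults = [r["Name"] for r in realms if r.get("DefaultRealm") is True]
    if len(defaults) != 1:  # exactly one realm in the domain must be the default
        findings.append(("domain", "DefaultRealm=true on %d realms: %s"
                         % (len(defaults), ", ".join(defaults) or "none")))
    for r in realms:
        name = r["Name"]
        model = r.get("SecurityDDModel", "DDOnly")  # DDOnly is the documented default
        if model not in LEGAL_DD_MODELS:
            findings.append((name, "SecurityDDModel %r is not a legal value" % model))
        for attr, kind in DEPLOY_IGNORED.items():
            if r.get(attr) is True:  # deployment calls never reach the providers
                findings.append((name, "%s=true: deployment calls are not passed "
                                       "to the %s providers" % (attr, kind)))
        if (r.get("EnableWebLogicPrincipalValidatorCache", True) is False
                and "MaxWebLogicPrincipalsInCache" in r):
            findings.append((name, "MaxWebLogicPrincipalsInCache is set but unused: "
                                   "the principal validator cache is disabled"))
        for attr in PROVIDER_LISTS:  # providers are scoped by realm
            for p in r.get(attr, []):
                if p.get("Realm") != name:
                    findings.append((name, "%s provider %r has Realm=%r"
                                     % (attr, p.get("Name"), p.get("Realm"))))
    return findings

SAMPLE = [  # constructed snapshot, not taken from a real domain
    {"Name": "myrealm", "DefaultRealm": True, "SecurityDDModel": "DDOnly",
     "AuthenticationProviders": [{"Name": "DefaultAuthenticator", "Realm": "myrealm"}]},
    {"Name": "stagingrealm", "DefaultRealm": True, "SecurityDDModel": "Custom",
     "DeployPolicyIgnored": True, "EnableWebLogicPrincipalValidatorCache": False,
     "MaxWebLogicPrincipalsInCache": 2000,
     "Authorizers": [{"Name": "DefaultAuthorizer", "Realm": "myrealm"}]},
]

if __name__ == "__main__":
    for scope, message in audit_realms(SAMPLE):
        print("[%s] %s" % (scope, message))
```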


    Operations

    This section describes the following operations:


      validate

      Checks that the realm is valid.

      Deprecated. 9.0.0.0 This method is no longer required since activating a configuration transaction does this check automatically on the default realm, and will not allow the configuration to be saved if the domain does not have a valid default realm configured.

         
      Operation Name: "validate"
      Parameters: null
      Signature: null
      Returns: void
      Exceptions
      • weblogic.management.utils.ErrorCollectionException

      wls_getDisplayName

         
      Operation Name: "wls_getDisplayName"
      Parameters: null
      Signature: null
      Returns: String