This MBean contains configuration information for the Windows NT Authetication ProviderDeprecation of MBeanHome and Type-Safe InterfacesThis is a type-safe interface for a WebLogic Server MBean, which you can import into your client classes and access through weblogic.management.MBeanHome. As of 9.0, the MBeanHome interface and all type-safe interfaces for WebLogic Server MBeans are deprecated. Instead, client classes that interact with WebLogic Server MBeans should use standard JMX design patterns in which clients use the javax.management.MBeanServerConnection interface to discover MBeans, attributes, and attribute types at runtime. For more information, see "Developing Manageable Applications with JMX" on http://www.oracle.com/technology/documentation/index.html.
Fully Qualified Interface Name | If you use the getMBeanInfo operation in MBeanTypeServiceMBean, supply the following value as this MBean's fully qualified interface name:weblogic.security.providers.authentication.WindowsNTAuthenticatorMBean
|
||
Factory Methods | No factory methods. Instances of this MBean are created automatically. | ||
Access Points Inherited from AuthenticationProviderMBean |
Because this MBean extends or implements AuthenticationProviderMBean, you can also access this MBean by retrieving AuthenticationProviderMBeans. The following attributes contain AuthenticationProviderMBeans and its subtypes:
|
This section describes attributes that provide access to other MBeans. For more information about the MBean hierarchy, refer to WebLogic Server MBean Data Model.
|
Returns the realm that contains this security provider. Returns null if this security provider is not contained by a realm.
Privileges | Read only |
Type | RealmMBean |
Relationship type: | Reference. |
This section describes the following attributes:
Determines how the provider reacts when a bad domain controller name is found.Possible settings:Delay indicates the domain controller can be used again only after a certain amount of time has elapsed since it was last tried unsuccessfully.Never indicates a bad domain controller is never retried.Always indicates a bad domain controller is always retried.
Privileges | Read/Write |
Type | java.lang.String |
Default Value | Delay |
Legal Values |
|
This time to wait when a bad domain controller name is found before trying to use the domain controller again. Use if the BadDomainControllerRetry is set to Delay. This setting helps reduces performance hits when a domain controller in the list of controllers is temporarily unavailable
Privileges | Read/Write |
Type | java.lang.Integer |
Default Value | 60000 |
Returns how the login sequence uses the Authentication provider.
A REQUIRED
value specifies this LoginModule must
succeed. Even if it fails, authentication proceeds down the list of
LoginModules for the configured Authentication providers. This
setting is the default.
A REQUISITE
value specifies this LoginModule must
succeed. If other Authentication providers are configured and this
LoginModule succeeds, authentication proceeds down the list of
LoginModules. Otherwise, control is return to the application.
A SUFFICIENT
value specifies this LoginModule need
not succeed. If it does succeed, return control to the application.
If it fails and other Authentication providers are configured,
authentication proceeds down the LoginModule list.
An OPTIONAL
value specifies this LoginModule need
not succeed. Whether it succeeds or fails, authentication proceeds
down the LoginModule list.
Privileges | Read/Write |
Type | java.lang.String |
Default Value | REQUIRED |
Legal Values |
|
The Windows NT Authentication provider enables Windows NT users and groups to be used for authentication purposes.
Privileges | Read only |
Type | java.lang.String |
Default Value | Provider that performs Windows NT Authentication |
Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. |
A list of the domain controllers used for locating unscoped usernames during authentication, listing users/groups, and handling unscoped names.Use if the Domain Controllers is set to List. The specified list should contain the domain controller names in trusted domains. Placeholders are supported and will expand if specified. Supported placeholders are [Local],[LocalAndDomain], [Domain].
Privileges | Read/Write |
Type | class java.lang.String[] |
Default Value | [LocalAndDomain] |
The domain controllers used for locating unscoped usernames during authentication, listing users/groups, and handling unscoped names. Possible settings:Local--local machine only.LocalAndDomain--the local machine and the domain that the machine is a member of (if it is not standalone).Domain--the domain that the machine is a member.List--Use the domain constrollers specified in the Domain Controller List setting.
Privileges | Read/Write |
Type | java.lang.String |
Default Value | LocalandDomain |
Legal Values |
|
Specfies whether the logon process should use Network or Interactive logon.
Privileges | Read/Write |
Type | java.lang.String |
Default Value | Interactive |
Legal Values |
|
Specifies whether the Windows NT domain information should be placed into principal names during authentication.Possible settings:Never--the Windows NT domain name is not placed in the principal names.OldUPN--the Windows NT domain name is placed in the principal names as domain\name.UPN-- the Windows NT domain name is placed in the principal names as name@domain.
Privileges | Read/Write |
Type | java.lang.String |
Default Value | Never |
Legal Values |
|
Indicates how the Windows NT Authentication provider should map UPN-style names for authentication (meaning will username@domain be used).Possible settings:First--names which match the UPN format should be treated as a UPN name first. If the name isn't a UPN name, the name will be treated as an unscoped name.Last--names which match the UPN format should be treated as a UPN name only if the name failed to be matched as an unscoped name.Always--names which match the UPN format will always be treated as a UPN name.This setting should only be used when there are no usernames with @. domain\username is not ambiguous and is always allowed.
Privileges | Read/Write |
Type | java.lang.String |
Default Value | First |
Legal Values |
|
Privileges | Read only |
Type | java.lang.String |
Default Value | WindowsNTAuthenticator |
Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. |
The name of the Java class used to load the Windows NT Authentication provider.
Privileges | Read only |
Type | java.lang.String |
Default Value | weblogic.security.providers.authentication.NTAuthenticatorProviderImpl |
Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. |
The version number of the Windows NT Authentication provider.
Privileges | Read only |
Type | java.lang.String |
Default Value | 1.0 |
Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. |
This section describes the following operations:
Advances the list to the next element in the list.
Operation Name | "advance" |
Parameters | Object [] { cursor }
where:
|
Signature | String [] {
"java.lang.String" } |
Returns |
void
|
Exceptions |
|
Indicates that the caller is finished using the list, and that the resources held on behalf of the list may be released. If the caller traverses through all the elements in the list, the caller need not call this method. In other words, it is used to let the caller close the list without reading each element that is returned.
Operation Name | "close" |
Parameters | Object [] { cursor }
where:
|
Signature | String [] {
"java.lang.String" } |
Returns |
void
|
Exceptions |
|
The name of the current item in the list. Returns null if there is no current item.
Operation Name | "getCurrentName" |
Parameters | Object [] { cursor }
where:
|
Signature | String [] {
"java.lang.String" } |
Returns | String
|
Exceptions |
|
Gets a group's description.
Operation Name | "getGroupDescription" |
Parameters | Object [] { groupName }
where:
|
Signature | String [] {
"java.lang.String" } |
Returns | String
|
Exceptions |
|
Gets a user's description.
Operation Name | "getUserDescription" |
Parameters | Object [] { userName }
where:
|
Signature | String [] {
"java.lang.String" } |
Returns | String
|
Exceptions |
|
Indicates whether the specified group exists.
Operation Name | "groupExists" |
Parameters | Object [] { groupName }
where:
|
Signature | String [] {
"java.lang.String" } |
Returns |
boolean
|
Exceptions |
|
Returns true if there are more objects in the list, and false otherwise.
Operation Name | "haveCurrent" |
Parameters | Object [] { cursor }
where:
|
Signature | String [] {
"java.lang.String" } |
Returns |
boolean
|
Exceptions |
|
Indicates whether a user or group is a member of the group that you specify. A recursive search returns true if the member belongs to the group that you specify or to any of the groups contained within that group."
Operation Name | "isMember" |
Parameters | Object [] { parentGroupName, memberUserOrGroupName, recursive }
where:
|
Signature | String [] {
"java.lang.String",
"java.lang.String",
"java.lang.Boolean" } |
Returns |
boolean
|
Exceptions |
|
Searches for a user name that matches a pattern.
This method returns a cursor that you can pass to the methods
from weblogic.management.utils.NameListerMBean
(which
this MBean extends) to iterate through the returned list.
This method does not sort the results.
Operation Name | "listGroups" |
Parameters | Object [] { groupNameWildcard, maximumToReturn }
where:
|
Signature | String [] {
"java.lang.String",
"java.lang.Integer" } |
Returns | String
|
Exceptions |
|
Searches for a user name that matches a pattern.
This method returns a cursor that you can pass to the methods
from weblogic.management.utils.NameListerMBean
(which
this MBean extends) to iterate through the returned list.
This method does not sort the results.
Operation Name | "listUsers" |
Parameters | Object [] { userNameWildcard, maximumToReturn }
where:
|
Signature | String [] {
"java.lang.String",
"java.lang.Integer" } |
Returns | String
|
Exceptions |
|
Indicates whether the specified user exists.
Operation Name | "userExists" |
Parameters | Object [] { userName }
where:
|
Signature | String [] {
"java.lang.String" } |
Returns |
boolean
|
Exceptions |
|
Operation Name | "wls_getDisplayName" |
Parameters | null |
Signature | null |
Returns | String
|