|
Oracle Fusion Middleware Oracle WebLogic Server MBean Javadoc 11g Release 1 (10.3.3) Part Number E13945-03 |
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
public interface DefaultIdentityAsserterMBean
The MBean that represents configuration atrributes for the WebLogic Identity Assertion provider. The WebLogic Identity Assertion provider supports identity assertion using X.509 certificates and CORBA Common Secure Interoperability version 2 (CS1 v2). The class also contains attributes for the default user name mapping class plus the list of trusted client principals.
This is a type-safe interface for a WebLogic Server MBean, which you can import into your client classes and access through weblogic.management.MBeanHome
. As of 9.0, the MBeanHome
interface and all type-safe interfaces for WebLogic Server MBeans are deprecated. Instead, client classes that interact with WebLogic Server MBeans should use standard JMX design patterns in which clients use the javax.management.MBeanServerConnection
interface to discover MBeans, attributes, and attribute types at runtime.
Method Summary | |
---|---|
String |
getDefaultUserNameMapperAttributeDelimiter()
The delimiter that ends the attribute value when mapping from the X.509 certificate or X.500 name token to the WebLogic user name. |
String |
getDefaultUserNameMapperAttributeType()
The name of the attribute from the subject DN to use when mapping from the X.509 certificate or X.500 name token to the WebLogic user name. |
String |
getDescription()
A short description of the Identity Assertion provider. |
String |
getDigestDataSourceName()
The name of the data source to use for storage digest values. |
int |
getDigestExpirationTimePeriod()
Determines how long digests are valid. |
String |
getName()
The name of this configuration. |
String |
getProviderClassName()
The name of the Java class used to load the Identity Assertion provider. |
String[] |
getSupportedTypes()
The token types supported by the Identity Assertion provider. |
String[] |
getTrustedClientPrincipals()
The list of trusted client principals to use in CSI v2 identity assertion. |
String |
getUserNameMapperClassName()
The name of the Java class that maps X.509 digital certificates and X.501 distinguished names to WebLogic user names. |
String |
getVersion()
The version number of the Identity Assertion provider. |
boolean |
isDigestReplayDetectionEnabled()
Enables the storage of the digest nonce values used to detect replay attacks. |
boolean |
isUseDefaultUserNameMapper()
Uses the user name mapping class provided by WebLogic Server. |
void |
setDefaultUserNameMapperAttributeDelimiter(String newValue)
The delimiter that ends the attribute value when mapping from the X.509 certificate or X.500 name token to the WebLogic user name. |
void |
setDefaultUserNameMapperAttributeType(String newValue)
The name of the attribute from the subject DN to use when mapping from the X.509 certificate or X.500 name token to the WebLogic user name. |
void |
setDigestDataSourceName(String newValue)
The name of the data source to use for storage digest values. |
void |
setDigestExpirationTimePeriod(int newValue)
Determines how long digests are valid. |
void |
setDigestReplayDetectionEnabled(boolean newValue)
Enables the storage of the digest nonce values used to detect replay attacks. |
void |
setTrustedClientPrincipals(String[] newValue)
The list of trusted client principals to use in CSI v2 identity assertion. |
void |
setUseDefaultUserNameMapper(boolean newValue)
Uses the user name mapping class provided by WebLogic Server. |
void |
setUserNameMapperClassName(String newValue)
The name of the Java class that maps X.509 digital certificates and X.501 distinguished names to WebLogic user names. |
Methods inherited from interface weblogic.management.security.authentication.IdentityAsserterMBean |
---|
getActiveTypes, getBase64DecodingRequired, setActiveTypes, setBase64DecodingRequired |
Methods inherited from interface weblogic.management.security.ProviderMBean |
---|
getRealm |
Method Detail |
---|
String getProviderClassName()
The name of the Java class used to load the Identity Assertion provider.
String getDescription()
A short description of the Identity Assertion provider.
getDescription
in interface ProviderMBean
String getVersion()
The version number of the Identity Assertion provider.
getVersion
in interface ProviderMBean
String[] getSupportedTypes()
The token types supported by the Identity Assertion provider.
getSupportedTypes
in interface IdentityAsserterMBean
String getUserNameMapperClassName()
The name of the Java class that maps X.509 digital certificates and X.501 distinguished names to WebLogic user names.
void setUserNameMapperClassName(String newValue) throws InvalidAttributeValueException
The name of the Java class that maps X.509 digital certificates and X.501 distinguished names to WebLogic user names.
newValue
- - new value for attribute UserNameMapperClassName
InvalidAttributeValueException
String[] getTrustedClientPrincipals()
The list of trusted client principals to use in CSI v2 identity assertion.
The wildcard character (*) can be used to specify all principals are trusted. If a client is not listed as a trusted client principal, the CSIv2 identity assertion fails and the invoke is rejected.
void setTrustedClientPrincipals(String[] newValue) throws InvalidAttributeValueException
The list of trusted client principals to use in CSI v2 identity assertion.
The wildcard character (*) can be used to specify all principals are trusted. If a client is not listed as a trusted client principal, the CSIv2 identity assertion fails and the invoke is rejected.
newValue
- - new value for attribute TrustedClientPrincipals
InvalidAttributeValueException
boolean isUseDefaultUserNameMapper()
Uses the user name mapping class provided by WebLogic Server. The default user name mapping class only validates that a certificate has not expired.
If you require additional validation, you need to write your own user name mapping class. Writing your own user name mapping class also allows you to specify what attribute in the subject DN of the certificate is used to map to the user name.
void setUseDefaultUserNameMapper(boolean newValue) throws InvalidAttributeValueException
Uses the user name mapping class provided by WebLogic Server. The default user name mapping class only validates that a certificate has not expired.
If you require additional validation, you need to write your own user name mapping class. Writing your own user name mapping class also allows you to specify what attribute in the subject DN of the certificate is used to map to the user name.
newValue
- - new value for attribute UseDefaultUserNameMapper
InvalidAttributeValueException
String getDefaultUserNameMapperAttributeType()
The name of the attribute from the subject DN to use when mapping from the X.509 certificate or X.500 name token to the WebLogic user name.
void setDefaultUserNameMapperAttributeType(String newValue) throws InvalidAttributeValueException
The name of the attribute from the subject DN to use when mapping from the X.509 certificate or X.500 name token to the WebLogic user name.
newValue
- - new value for attribute DefaultUserNameMapperAttributeType
InvalidAttributeValueException
String getDefaultUserNameMapperAttributeDelimiter()
The delimiter that ends the attribute value when mapping from the X.509 certificate or X.500 name token to the WebLogic user name.
void setDefaultUserNameMapperAttributeDelimiter(String newValue) throws InvalidAttributeValueException
The delimiter that ends the attribute value when mapping from the X.509 certificate or X.500 name token to the WebLogic user name.
newValue
- - new value for attribute DefaultUserNameMapperAttributeDelimiter
InvalidAttributeValueException
boolean isDigestReplayDetectionEnabled()
Enables the storage of the digest nonce values used to detect replay attacks.
If this setting is enabled, you must configure a data source to store the nonces for the specified expiration period. WebLogic Server then stores all the nonces from digest authentication attempts for all the machines in the domain. On each digest authentication attempt, the nonce is validated against the stored nonces. If the nonce is present, a replay attack has occurred and the digest authentication attempt fails.
void setDigestReplayDetectionEnabled(boolean newValue) throws InvalidAttributeValueException
Enables the storage of the digest nonce values used to detect replay attacks.
If this setting is enabled, you must configure a data source to store the nonces for the specified expiration period. WebLogic Server then stores all the nonces from digest authentication attempts for all the machines in the domain. On each digest authentication attempt, the nonce is validated against the stored nonces. If the nonce is present, a replay attack has occurred and the digest authentication attempt fails.
newValue
- - new value for attribute DigestReplayDetectionEnabled
InvalidAttributeValueException
int getDigestExpirationTimePeriod()
Determines how long digests are valid.
A digest that was created before the specified time will not be valid. This setting impacts how long previous digest values must be stored in the database for use in detecting replay attacks.
void setDigestExpirationTimePeriod(int newValue) throws InvalidAttributeValueException
Determines how long digests are valid.
A digest that was created before the specified time will not be valid. This setting impacts how long previous digest values must be stored in the database for use in detecting replay attacks.
newValue
- - new value for attribute DigestExpirationTimePeriod
InvalidAttributeValueException
String getDigestDataSourceName()
The name of the data source to use for storage digest values. These digest values are used to detect replay attacks.
void setDigestDataSourceName(String newValue) throws InvalidAttributeValueException
The name of the data source to use for storage digest values. These digest values are used to detect replay attacks.
newValue
- - new value for attribute DigestDataSourceName
InvalidAttributeValueException
String getName()
ProviderMBean
getName
in interface ProviderMBean
|
Copyright 1996, 2010, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Oracle Fusion Middleware Oracle WebLogic Server MBean Javadoc 11g Release 1 (10.3.3) Part Number E13945-03 |
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |