weblogic.management.security
Interface RealmMBean

public interface RealmMBean

The MBean that represents configuration attributes for the security realm.

A security realm contains a set of security configuration settings, including the list of security providers to use (for example, for authentication and authorization).

Code using security can either use the default security realm for the domain or refer to a particular security realm by name (by using the JMX display name of the security realm).

One security realm in the WebLogic domain must have the DefaultRealm attribute set to true. The security realm with the DefaultRealm attribute set to true is used as the default security realm for the WebLogic domain. Note that other available security realms must have the DefaultRealm attribute set to false.

When WebLogic Server boots, it locates and uses the default security realm. The security realm is considered active since it is used when WebLogic Server runs. Any security realm that is not used when WebLogic Server runs is considered inactive. All active security realms must be configured before WebLogic Server is boots.

Since security providers are scoped by realm, the Realm attribute on a security provider must be set to the realm that uses the provider.

Deprecation of MBeanHome and Type-Safe Interfaces

In addition to being used as a base class that provides functionality to security provider MBeans, JMX applications can use this class directly as a type-safe interface. When used as a type-safe interface, a JMX application imports this class and accesses it through weblogic.management.MBeanHome. As of 9.0, the MBeanHome interface and all type-safe interfaces for WebLogic Server MBeans are deprecated. Instead, JMX applications that interact with WebLogic Server MBeans should use standard JMX design patterns in which clients use the javax.management.MBeanServerConnection interface to discover MBeans, attributes, and attribute types at runtime.

Method Summary

AdjudicatorMBean	createAdjudicator(String type) Creates an Adjudication provider in this security realm and removes this security realm's previous Adjudication provider.
AdjudicatorMBean	createAdjudicator(String name, String type) Creates an Adjudication provider in this security realm and removes this security realm's previous Adjudication provider.
AuditorMBean	createAuditor(String type) Creates an Auditing provider in this security realm.
AuditorMBean	createAuditor(String name, String type) Creates an Auditing provider in this security realm.
AuthenticationProviderMBean	createAuthenticationProvider(String type) Creates an Authentication provider in this security realm.
AuthenticationProviderMBean	createAuthenticationProvider(String name, String type) Creates an Authentication provider in this security realm.
AuthorizerMBean	createAuthorizer(String type) Creates an Authorization provider in this security realm.
AuthorizerMBean	createAuthorizer(String name, String type) Creates an Authorization provider in this security realm.
CertPathProviderMBean	createCertPathProvider(String type) Creates a Certification Path provider in this security realm.
CertPathProviderMBean	createCertPathProvider(String name, String type) Creates a Certification Path provider in this security realm.
CredentialMapperMBean	createCredentialMapper(String type) Creates a Credential Mapping provider in this security realm.
CredentialMapperMBean	createCredentialMapper(String name, String type) Creates a Credential Mapping provider in this security realm.
KeyStoreMBean	createKeyStore(String type) Deprecated. 8.1.0.0
KeyStoreMBean	createKeyStore(String name, String type) Deprecated. 8.1.0.0
PasswordValidatorMBean	createPasswordValidator(Class subClass, String name) Creates a Password Validator provider in this security realm.
PasswordValidatorMBean	createPasswordValidator(String type) Creates a Password Validator provider in this security realm.
PasswordValidatorMBean	createPasswordValidator(String name, String type) Creates a Password Validator provider in this security realm.
RDBMSSecurityStoreMBean	createRDBMSSecurityStore() Creates configuration for the RDBMS security store.
RDBMSSecurityStoreMBean	createRDBMSSecurityStore(String name) Creates configuration for the RDBMS security store with the specified name.
RoleMapperMBean	createRoleMapper(String type) Creates a Role Mapping provider in this security realm.
RoleMapperMBean	createRoleMapper(String name, String type) Creates a Role Mapping provider in this security realm.
void	destroyAdjudicator() Removes the configuration this security realm's Adjudication provider (if there is one).
void	destroyAuditor(AuditorMBean auditor) Removes the configuration for an Auditing provider in this security realm.
void	destroyAuthenticationProvider(AuthenticationProviderMBean authenticationProvider) Removes the configuration for an Authentication provider in this security realm.
void	destroyAuthorizer(AuthorizerMBean authorizer) Removes the configuration for an Authorization provider in this security realm.
void	destroyCertPathProvider(CertPathProviderMBean certPathProvider) Removes the configuration for a Certification Path provider in this security realm.
void	destroyCredentialMapper(CredentialMapperMBean credentialMapper) Removes the configuration for a Credential Mapping provider in this security realm.
void	destroyKeyStore(KeyStoreMBean keystore) Deprecated. 8.1.0.0
void	destroyPasswordValidator(PasswordValidatorMBean provider) Removes the configuration for a Password Validator provider in this security realm.
void	destroyRDBMSSecurityStore() Destroys and removes the existing RDBMS security store which is a child of this realm.
void	destroyRoleMapper(RoleMapperMBean roleMapper) Removes the configuration for a Role Mapping provider in this security realm.
AdjudicatorMBean	getAdjudicator() Returns the Adjudication provider for this security realm.
String[]	getAdjudicatorTypes() Returns the types of Adjudication providers that may be created in this security realm, for example, weblogic.security.providers.authorization.DefaultAdjudicator.
AuditorMBean[]	getAuditors() Returns the Auditing providers for this security realm (in invocation order).
String[]	getAuditorTypes() Returns the types of Auditing providers that may be created in this security realm, for example, weblogic.security.providers.audit.DefaultAuditor.
AuthenticationProviderMBean[]	getAuthenticationProviders() Returns the Authentication providers for this security realm (in invocation order).
String[]	getAuthenticationProviderTypes() Returns the types of Authentication providers that may be created in this security realm, for example, weblogic.security.providers.authentication.DefaultAuthenticator.
String	getAuthMethods() Returns a comma separated string of authentication methods that should be used when the Web application specifies "REALM" as its auth-method.
AuthorizerMBean[]	getAuthorizers() Returns the Authorization providers for this security realm (in invocation order).
String[]	getAuthorizerTypes() Returns the types of Authorization providers that may be created in this security realm, for example, weblogic.security.providers.authorization.DefaultAuthorizer.
CertPathBuilderMBean	getCertPathBuilder() Returns the CertPath Builder provider in this security realm that will be used by the security system to build certification paths.
CertPathProviderMBean[]	getCertPathProviders() Returns the Certification Path providers for this security realm (in invocation order).
String[]	getCertPathProviderTypes() Returns the types of Certification Path providers that may be created in this security realm, for example, weblogic.security.providers.pk.WebLogicCertPathProvider.
CredentialMapperMBean[]	getCredentialMappers() Returns the Credential Mapping providers for this security realm (in invocation order).
String[]	getCredentialMapperTypes() Returns the types of Credential Mapping providers that may be created in this security realm, for example, weblogic.security.providers.credentials.DefaultCredentialMapper.
Integer	getDeployableProviderSynchronizationTimeout() Returns the timeout value, in milliseconds, for the deployable security provider synchronization operation.
KeyStoreMBean[]	getKeyStores() Deprecated. 8.1.0.0
String[]	getKeyStoreTypes() Deprecated. 8.1.0.0
Integer	getMaxWebLogicPrincipalsInCache() Returns the maximum size of the LRU cache for holding WebLogic Principal signatures.
String	getName() The name of this configuration.
PasswordValidatorMBean[]	getPasswordValidators() Returns the Password Validator providers for this security realm (in invocation order).
String[]	getPasswordValidatorTypes() Returns the types of Password Validator providers that may be created in this security realm, for example, com.bea.security.providers.authentication.passwordvalidator.SystemPasswordValidator.
RDBMSSecurityStoreMBean	getRDBMSSecurityStore() Returns RDBMSSecurityStoreMBean for this realm, which is a singleton MBean describing RDBMS security store configuration.
RoleMapperMBean[]	getRoleMappers() Returns the Role Mapping providers for this security realm (in invocation order).
String[]	getRoleMapperTypes() Returns the types of Role Mapping providers that may be created in this security realm, for example, weblogic.security.providers.authorization.DefaultRoleMapper.
String	getSecurityDDModel() Specifies the default security model for Web applications or EJBs that are secured by this security realm.
UserLockoutManagerMBean	getUserLockoutManager() Returns the User Lockout Manager for this security realm.
boolean	isCombinedRoleMappingEnabled() Determines how the role mappings in the Enterprise Application, Web application, and EJB containers interact.
boolean	isDefaultRealm() Deprecated. 9.0.0.0 Replaced by SecurityConfigurationMBean.getDefaultRealm()
boolean	isDelegateMBeanAuthorization() Configures the WebLogic Server MBean servers to use the security realm's Authorization providers to determine whether a JMX client has permission to access an MBean attribute or invoke an MBean operation.
boolean	isDeployableProviderSynchronizationEnabled() Specifies whether synchronization for deployable Authorization and Role Mapping providers is enabled.
boolean	isDeployCredentialMappingIgnored() Deprecated. 9.0.0.0
boolean	isDeployPolicyIgnored() Deprecated. 9.0.0.0
boolean	isDeployRoleIgnored() Deprecated. 9.0.0.0
boolean	isEnableWebLogicPrincipalValidatorCache() Returns whether the WebLogic Principal Validator caching is enabled.
boolean	isFullyDelegateAuthorization() Deprecated. 9.0.0.0
boolean	isValidateDDSecurityData() Not used in this release.
AuditorMBean	lookupAuditor(String name) Finds an Auditing provider in this security realm.
AuthenticationProviderMBean	lookupAuthenticationProvider(String name) Finds an Authentication provider in this security realm.
AuthorizerMBean	lookupAuthorizer(String name) Finds an Authorization provider in this security realm.
CertPathProviderMBean	lookupCertPathProvider(String name) Finds a Certification Path provider in this security realm.
CredentialMapperMBean	lookupCredentialMapper(String name) Finds a Credential Mapping provider in this security realm.
KeyStoreMBean	lookupKeyStore(String name) Deprecated. 8.1.0.0
PasswordValidatorMBean	lookupPasswordValidator(String name) Finds an Password Validator provider in this security realm.
RoleMapperMBean	lookupRoleMapper(String name) Finds a Role Mapping provider in this security realm.
void	setAuditors(AuditorMBean[] auditors) Changes the invocation order of this security realm's Auditing providers.
void	setAuthenticationProviders(AuthenticationProviderMBean[] authenticationProviders) Changes the invocation order of this security realm's Authentication providers.
void	setAuthMethods(String methods) Set the authentication methods that should be used when the Web application specifies "REALM" as its auth-method.
void	setAuthorizers(AuthorizerMBean[] authorizers) Changes the invocation order of this security realm's Authorization providers.
void	setCertPathBuilder(CertPathBuilderMBean certPathBuilder) Determines which of this security realm's CertPathProviders will be used by the security system to build certification paths.
void	setCertPathProviders(CertPathProviderMBean[] certPathProviders) Changes the invocation order of this security realm's Certification Path providers.
void	setCombinedRoleMappingEnabled(boolean combined) Sets whether application role mappings are combined by the J2EE containers.
void	setCredentialMappers(CredentialMapperMBean[] credentialMappers) Changes the invocation order of this security realm's Credential Mapping providers.
void	setDefaultRealm(boolean isDefault) Deprecated. 9.0.0.0 Replaced by SecurityConfigurationMBean.setDefaultRealm(weblogic.management.security.RealmMBean)
void	setDelegateMBeanAuthorization(boolean deleteMBeanAuthorization) Sets the value of the DelegateMBeanAuthorization attribute.
void	setDeployableProviderSynchronizationEnabled(boolean enabled) Specifies whether synchronization for deployable Authorization and Role Mapping providers is enabled.
void	setDeployableProviderSynchronizationTimeout(Integer timeout) Specifies the timeout value, in milliseconds, for the deployable security provider synchronization operation.
void	setDeployCredentialMappingIgnored(boolean ignored) Deprecated. 9.0.0.0
void	setDeployPolicyIgnored(boolean ignored) Deprecated. 9.0.0.0
void	setDeployRoleIgnored(boolean ignored) Deprecated. 9.0.0.0
void	setEnableWebLogicPrincipalValidatorCache(boolean enabled) Sets whether the WebLogic Principal Validator caching is enabled.
void	setFullyDelegateAuthorization(boolean fullyDelegate) Deprecated. 9.0.0.0
void	setKeyStores(KeyStoreMBean[] keystores) Deprecated. 8.1.0.0
void	setMaxWebLogicPrincipalsInCache(Integer size) Sets the maximum size of the LRU cache for holding WebLogic Principal signatures.
void	setPasswordValidators(PasswordValidatorMBean[] passwordvalidators) Sets the Password Validator providers for this security realm (in invocation order).
void	setRoleMappers(RoleMapperMBean[] roleMappers) Changes the invocation order of this security realm's Role Mapping providers.
void	setSecurityDDModel(String model) Sets the default security deployment model for applications deployed in this security realm.
void	setValidateDDSecurityData(boolean validate) Sets whether security data in the deployment descriptor is validated.
void	validate() Deprecated. 9.0.0.0 This method is no longer required since activating a configuration transaction does this check automatically on the default realm, and will not allow the configuration to be saved if the domain does not have a valid default realm configured.

Method Detail

getAuditors

AuditorMBean[] getAuditors()

Returns the Auditing providers for this security realm (in invocation order).

setAuditors

void setAuditors(AuditorMBean[] auditors)
                 throws InvalidAttributeValueException

Changes the invocation order of this security realm's Auditing providers.

Parameters:

auditors - - The new invocation order for this security realm's Auditing providers. It should contain exactly the same Auditing providers that getAuditors() returns, except in a different order. Note: For the purpose of backward compatibility with previous releases of WebLogic Server, auditors may also contain Auditing providers that do not already belong to this security realm and are not contained by another security realm. In this circumstance, these Auditing providers will be moved to this security realm. Similarly, auditors can be missing some of this security realm's current Auditing providers. All missing Auditing providers will be removed from this security realm. These behaviors are deprecated in this release of WebLogic Server and will be removed in a future release.

Throws:

InvalidAttributeValueException

getAuditorTypes

String[] getAuditorTypes()

Returns the types of Auditing providers that may be created in this security realm, for example, weblogic.security.providers.audit.DefaultAuditor. Use this method to find the available types to pass to createAuditor

createAuditor

AuditorMBean createAuditor(String name,
                           String type)
                           throws ClassNotFoundException,
                                  JMException

Creates an Auditing provider in this security realm. The new Auditing provider is added to the end of the list of Auditing providers configured in this security realm.

Parameters:

name - - The name of this Auditing provider, for example, DefaultAuditor

type - - The type of this Auditing provider, for example, weblogic.security.providers.audit.DefaultAuditor Use getAuditorTypes to find the list of types that may be specified.

Throws:

ClassNotFoundException - is thrown if an invalid type is specified.

JMException

createAuditor

AuditorMBean createAuditor(String type)
                           throws ClassNotFoundException,
                                  JMException

Creates an Auditing provider in this security realm. The new Auditing provider is added to the end of the list of Auditing providers configured in this security realm.

Parameters:

type - - The type of this Auditing provider, for example, weblogic.security.providers.audit.DefaultAuditor Use getAuditorTypes to find the list of types that may be specified.

Throws:

ClassNotFoundException - is thrown if an invalid type is specified.

JMException

destroyAuditor

void destroyAuditor(AuditorMBean auditor)

Removes the configuration for an Auditing provider in this security realm. It does not remove any persistent data for the Auditing provider (such as databases or files). weblogic.management.configuration.SecurityConfigurationMBean.destroyRealm automatically removes the security realm's Auditing providers.

Parameters:

auditor - - The Auditing provider to remove.

lookupAuditor

AuditorMBean lookupAuditor(String name)

Finds an Auditing provider in this security realm. Returns null if this security realm has no Auditing provider of the specified name.

getAuthenticationProviders

AuthenticationProviderMBean[] getAuthenticationProviders()

Returns the Authentication providers for this security realm (in invocation order).

setAuthenticationProviders

void setAuthenticationProviders(AuthenticationProviderMBean[] authenticationProviders)
                                throws InvalidAttributeValueException

Changes the invocation order of this security realm's Authentication providers.

Parameters:

authenticationProviders - - The new invocation order for this security realm's Authentication providers. It should contain exactly the same Authentication providers that getAuthenticationProviders() returns, except in a different order. Note: For the purpose of backward compatibility with previous releases of WebLogic Server, authenticationProviders may also contain Authentication providers that do not already belong to this security realm and are not contained by another security realm. In this circumstance, these Authentication providers will be moved to this security realm. Similarly, authenticationProviders can be missing some of this security realm's current Authentication providers. All missing Authentication providers will be removed from this security realm. These behaviors are deprecated in this release of WebLogic Server and will be removed in a future release.

Throws:

InvalidAttributeValueException

getAuthenticationProviderTypes

String[] getAuthenticationProviderTypes()

Returns the types of Authentication providers that may be created in this security realm, for example, weblogic.security.providers.authentication.DefaultAuthenticator. Use this method to find the available types to pass to createAuthenticationProvider

createAuthenticationProvider

AuthenticationProviderMBean createAuthenticationProvider(String name,
                                                         String type)
                                                         throws ClassNotFoundException,
                                                                JMException

Creates an Authentication provider in this security realm. The new Authentication provider is added to the end of the list of Authentication providers configured in this security realm.

Parameters:

name - - The name of this Authentication provider, for example, DefaultAuthenticator

type - - The type of this Authentication provider, for example, weblogic.security.providers.authentication.DefaultAuthenticator Use getAuthenticationProviderTypes to find the list of types that may be specified.

Throws:

ClassNotFoundException - is thrown if an invalid type is specified.

JMException

createAuthenticationProvider

AuthenticationProviderMBean createAuthenticationProvider(String type)
                                                         throws ClassNotFoundException,
                                                                JMException

Creates an Authentication provider in this security realm. The new Authentication provider is added to the end of the list of Authentication providers configured in this security realm.

Parameters:

type - - The type of this Authentication provider, for example, weblogic.security.providers.authentication.DefaultAuthenticator Use getAuthenticationProviderTypes to find the list of types that may be specified.

Throws:

ClassNotFoundException - is thrown if an invalid type is specified.

JMException

destroyAuthenticationProvider

void destroyAuthenticationProvider(AuthenticationProviderMBean authenticationProvider)

Removes the configuration for an Authentication provider in this security realm. It does not remove any persistent data for the Authentication provider (such as databases or files). weblogic.management.configuration.SecurityConfigurationMBean.destroyRealm automatically removes the security realm's Authentication providers.

Parameters:

authenticationProvider - - The Authentication provider to remove.

lookupAuthenticationProvider

AuthenticationProviderMBean lookupAuthenticationProvider(String name)

Finds an Authentication provider in this security realm. Returns null if this security realm has no Authentication provider of the specified name.

getRoleMappers

RoleMapperMBean[] getRoleMappers()

Returns the Role Mapping providers for this security realm (in invocation order).

setRoleMappers

void setRoleMappers(RoleMapperMBean[] roleMappers)
                    throws InvalidAttributeValueException

Changes the invocation order of this security realm's Role Mapping providers.

Parameters:

roleMappers - - The new invocation order for this security realm's Role Mapping providers. It should contain exactly the same Role Mapping providers that getRoleMappers() returns, except in a different order. Note: For the purpose of backward compatibility with previous releases of WebLogic Server, roleMappers may also contain Role Mapping providers that do not already belong to this security realm and are not contained by another security realm. In this circumstance, these Role Mapping providers will be moved to this security realm. Similarly, roleMappers can be missing some of this security realm's current Role Mapping providers. All missing Role Mapping providers will be removed from this security realm. These behaviors are deprecated in this release of WebLogic Server and will be removed in a future release.

Throws:

InvalidAttributeValueException

getRoleMapperTypes

String[] getRoleMapperTypes()

Returns the types of Role Mapping providers that may be created in this security realm, for example, weblogic.security.providers.authorization.DefaultRoleMapper. Use this method to find the available types to pass to createRoleMapper

createRoleMapper

RoleMapperMBean createRoleMapper(String name,
                                 String type)
                                 throws ClassNotFoundException,
                                        JMException

Creates a Role Mapping provider in this security realm. The new Role Mapping provider is added to the end of the list of Role Mapping providers configured in this security realm.

Parameters:

name - - The name of this Role Mapping provider, for example, DefaultRoleMapper

type - - The type of this Role Mapping provider, for example, weblogic.security.providers.authorization.DefaultRoleMapper Use getRoleMapperTypes to find the list of types that may be specified.

Throws:

ClassNotFoundException - is thrown if an invalid type is specified.

JMException

createRoleMapper

RoleMapperMBean createRoleMapper(String type)
                                 throws ClassNotFoundException,
                                        JMException

Creates a Role Mapping provider in this security realm. The new Role Mapping provider is added to the end of the list of Role Mapping providers configured in this security realm.

Parameters:

type - - The type of this Role Mapping provider, for example, weblogic.security.providers.authorization.DefaultRoleMapper Use getRoleMapperTypes to find the list of types that may be specified.

Throws:

ClassNotFoundException - is thrown if an invalid type is specified.

JMException

destroyRoleMapper

void destroyRoleMapper(RoleMapperMBean roleMapper)

Removes the configuration for a Role Mapping provider in this security realm. It does not remove any persistent data for the Role Mapping provider (such as databases or files). weblogic.management.configuration.SecurityConfigurationMBean.destroyRealm automatically removes the security realm's Role Mapping providers.

Parameters:

roleMapper - - The Role Mapping provider to remove.

lookupRoleMapper

RoleMapperMBean lookupRoleMapper(String name)

Finds a Role Mapping provider in this security realm. Returns null if this security realm has no Role Mapping provider of the specified name.

getAuthorizers

AuthorizerMBean[] getAuthorizers()

Returns the Authorization providers for this security realm (in invocation order).

setAuthorizers

void setAuthorizers(AuthorizerMBean[] authorizers)
                    throws InvalidAttributeValueException

Changes the invocation order of this security realm's Authorization providers.

Parameters:

authorizers - - The new invocation order for this security realm's Authorization providers. It should contain exactly the same Authorization providers that getAuthorizers() returns, except in a different order. Note: For the purpose of backward compatibility with previous releases of WebLogic Server, authorizers may also contain Authorization providers that do not already belong to this security realm and are not contained by another security realm. In this circumstance, these Authorization providers will be moved to this security realm. Similarly, authorizers can be missing some of this security realm's current Authorization providers. All missing Authorization providers will be removed from this security realm. These behaviors are deprecated in this release of WebLogic Server and will be removed in a future release.

Throws:

InvalidAttributeValueException

getAuthorizerTypes

String[] getAuthorizerTypes()

Returns the types of Authorization providers that may be created in this security realm, for example, weblogic.security.providers.authorization.DefaultAuthorizer. Use this method to find the available types to pass to createAuthorizer

createAuthorizer

AuthorizerMBean createAuthorizer(String name,
                                 String type)
                                 throws ClassNotFoundException,
                                        JMException

Creates an Authorization provider in this security realm. The new Authorization provider is added to the end of the list of Authorization providers configured in this security realm.

Parameters:

name - - The name of this Authorization provider, for example, DefaultAuthorizer

type - - The type of this Authorization provider, for example, weblogic.security.providers.authorization.DefaultAuthorizer Use getAuthorizerTypes to find the list of types that may be specified.

Throws:

ClassNotFoundException - is thrown if an invalid type is specified.

JMException

createAuthorizer

AuthorizerMBean createAuthorizer(String type)
                                 throws ClassNotFoundException,
                                        JMException

Creates an Authorization provider in this security realm. The new Authorization provider is added to the end of the list of Authorization providers configured in this security realm.

Parameters:

type - - The type of this Authorization provider, for example, weblogic.security.providers.authorization.DefaultAuthorizer Use getAuthorizerTypes to find the list of types that may be specified.

Throws:

ClassNotFoundException - is thrown if an invalid type is specified.

JMException

destroyAuthorizer

void destroyAuthorizer(AuthorizerMBean authorizer)

Removes the configuration for an Authorization provider in this security realm. It does not remove any persistent data for the Authorization provider (such as databases or files). weblogic.management.configuration.SecurityConfigurationMBean.destroyRealm automatically removes the security realm's Authorization providers.

Parameters:

authorizer - - The Authorization provider to remove.

lookupAuthorizer

AuthorizerMBean lookupAuthorizer(String name)

Finds an Authorization provider in this security realm. Returns null if this security realm has no Authorization provider of the specified name.

getAdjudicator

AdjudicatorMBean getAdjudicator()

Returns the Adjudication provider for this security realm.

getAdjudicatorTypes

String[] getAdjudicatorTypes()

Returns the types of Adjudication providers that may be created in this security realm, for example, weblogic.security.providers.authorization.DefaultAdjudicator. Use this method to find the available types to pass to createAdjudicator

createAdjudicator

AdjudicatorMBean createAdjudicator(String name,
                                   String type)
                                   throws ClassNotFoundException,
                                          JMException

Creates an Adjudication provider in this security realm and removes this security realm's previous Adjudication provider.

Parameters:

name - - The name of this Adjudication provider, for example, DefaultAdjudicator

type - - The type of this Adjudication provider, for example, weblogic.security.providers.authorization.DefaultAdjudicator Use getAdjudicatorTypes to find the list of types that may be specified.

Throws:

ClassNotFoundException - is thrown if an invalid type is specified.

JMException

createAdjudicator

AdjudicatorMBean createAdjudicator(String type)
                                   throws ClassNotFoundException,
                                          JMException

Creates an Adjudication provider in this security realm and removes this security realm's previous Adjudication provider.

Parameters:

type - - The type of this Adjudication provider, for example, weblogic.security.providers.authorization.DefaultAdjudicator Use getAdjudicatorTypes to find the list of types that may be specified.

Throws:

ClassNotFoundException - is thrown if an invalid type is specified.

JMException

destroyAdjudicator

void destroyAdjudicator()

Removes the configuration this security realm's Adjudication provider (if there is one). It does not remove any persistent data for the Adjudication provider (such as databases or files). weblogic.management.configuration.SecurityConfigurationMBean.destroyRealm automatically removes the security realm's Adjudication provider.

getCredentialMappers

CredentialMapperMBean[] getCredentialMappers()

Returns the Credential Mapping providers for this security realm (in invocation order).

setCredentialMappers

void setCredentialMappers(CredentialMapperMBean[] credentialMappers)
                          throws InvalidAttributeValueException

Changes the invocation order of this security realm's Credential Mapping providers.

Parameters:

credentialMappers - - The new invocation order for this security realm's Credential Mapping providers. It should contain exactly the same Credential Mapping providers that getCredentialMappers() returns, except in a different order. Note: For the purpose of backward compatibility with previous releases of WebLogic Server, credentialMappers may also contain Credential Mapping providers that do not already belong to this security realm and are not contained by another security realm. In this circumstance, these Credential Mapping providers will be moved to this security realm. Similarly, credentialMappers can be missing some of this security realm's current Credential Mapping providers. All missing Credential Mapping providers will be removed from this security realm. These behaviors are deprecated in this release of WebLogic Server and will be removed in a future release.

Throws:

InvalidAttributeValueException

getCredentialMapperTypes

String[] getCredentialMapperTypes()

Returns the types of Credential Mapping providers that may be created in this security realm, for example, weblogic.security.providers.credentials.DefaultCredentialMapper. Use this method to find the available types to pass to createCredentialMapper

createCredentialMapper

CredentialMapperMBean createCredentialMapper(String name,
                                             String type)
                                             throws ClassNotFoundException,
                                                    JMException

Creates a Credential Mapping provider in this security realm. The new Credential Mapping provider is added to the end of the list of Credential Mapping providers configured in this security realm.

Parameters:

name - - The name of this Credential Mapping provider, for example, DefaultCredentialMapper

type - - The type of this Credential Mapping provider, for example, weblogic.security.providers.credentials.DefaultCredentialMapper Use getCredentialMapperTypes to find the list of types that may be specified.

Throws:

ClassNotFoundException - is thrown if an invalid type is specified.

JMException

createCredentialMapper

CredentialMapperMBean createCredentialMapper(String type)
                                             throws ClassNotFoundException,
                                                    JMException

Creates a Credential Mapping provider in this security realm. The new Credential Mapping provider is added to the end of the list of Credential Mapping providers configured in this security realm.

Parameters:

type - - The type of this Credential Mapping provider, for example, weblogic.security.providers.credentials.DefaultCredentialMapper Use getCredentialMapperTypes to find the list of types that may be specified.

Throws:

ClassNotFoundException - is thrown if an invalid type is specified.

JMException

destroyCredentialMapper

void destroyCredentialMapper(CredentialMapperMBean credentialMapper)

Removes the configuration for a Credential Mapping provider in this security realm. It does not remove any persistent data for the Credential Mapping provider (such as databases or files). weblogic.management.configuration.SecurityConfigurationMBean.destroyRealm automatically removes the security realm's Credential Mapping providers.

Parameters:

credentialMapper - - The Credential Mapping provider to remove.

lookupCredentialMapper

CredentialMapperMBean lookupCredentialMapper(String name)

Finds a Credential Mapping provider in this security realm. Returns null if this security realm has no Credential Mapping provider of the specified name.

getCertPathProviders

CertPathProviderMBean[] getCertPathProviders()

Returns the Certification Path providers for this security realm (in invocation order).

setCertPathProviders

void setCertPathProviders(CertPathProviderMBean[] certPathProviders)
                          throws InvalidAttributeValueException

Changes the invocation order of this security realm's Certification Path providers.

Parameters:

certPathProviders - - The new invocation order for this security realm's Certification Path providers. It should contain exactly the same Certification Path providers that getCertPathProviders() returns, except in a different order.

Throws:

InvalidAttributeValueException

getCertPathProviderTypes

String[] getCertPathProviderTypes()

Returns the types of Certification Path providers that may be created in this security realm, for example, weblogic.security.providers.pk.WebLogicCertPathProvider. Use this method to find the available types to pass to createCertPathProvider

createCertPathProvider

CertPathProviderMBean createCertPathProvider(String name,
                                             String type)
                                             throws ClassNotFoundException,
                                                    JMException

Creates a Certification Path provider in this security realm. The new Certification Path provider is added to the end of the list of Certification Path providers configured in this security realm. The active security realm must contain at least one Certification Path provider that is a CertPath Builder provider and at least one Certificate Path provider that is a CertPath Validator provider.

Parameters:

name - - The name of this Certification Path provider, for example, WebLogicCertPathProvider

type - - The type of this Certification Path provider, for example, weblogic.security.providers.pk.WebLogicCertPathProvider Use getCertPathProviderTypes to find the list of types that may be specified.

Throws:

ClassNotFoundException - is thrown if an invalid type is specified.

JMException

createCertPathProvider

CertPathProviderMBean createCertPathProvider(String type)
                                             throws ClassNotFoundException,
                                                    JMException

Creates a Certification Path provider in this security realm. The new Certification Path provider is added to the end of the list of Certification Path providers configured in this security realm.

The active security realm must contain at least one Certification Path provider that is a CertPath Builder provider and at least one Certificate Path provider that is a CertPath Validator provider.

Parameters:

type - - The type of this Certification Path provider, for example, weblogic.security.providers.pk.WebLogicCertPathProvider Use getCertPathProviderTypes to find the list of types that may be specified.

Throws:

ClassNotFoundException - is thrown if an invalid type is specified.

JMException

destroyCertPathProvider

void destroyCertPathProvider(CertPathProviderMBean certPathProvider)

Removes the configuration for a Certification Path provider in this security realm. It does not remove any persistent data for the Certification Path provider (such as databases or files). weblogic.management.configuration.SecurityConfigurationMBean.destroyRealm automatically removes the security realm's Certification Path providers.

If certPathProvider has been selected as this security realm's CertPathBuilder, then this security realm's will have no CertPathBuilder.

Parameters:

certPathProvider - - The Certification Path provider to remove.

lookupCertPathProvider

CertPathProviderMBean lookupCertPathProvider(String name)

Finds a Certification Path provider in this security realm. Returns null if this security realm has no Certification Path provider of the specified name.

getCertPathBuilder

CertPathBuilderMBean getCertPathBuilder()

Returns the CertPath Builder provider in this security realm that will be used by the security system to build certification paths. Returns null if none has been selected. The provider will be one of this security realm's CertPathProviders.

setCertPathBuilder

void setCertPathBuilder(CertPathBuilderMBean certPathBuilder)
                        throws InvalidAttributeValueException

Determines which of this security realm's CertPathProviders will be used by the security system to build certification paths. The provider must implement weblogic.management.security.pk.CertPathBuilder.

Parameters:

certPathBuilder - - The new CertPath Builder for this security realm. If null, this security realm will have no configured CertPathBuilder.

Throws:

InvalidAttributeValueException

See Also:

RealmMBean.getCertPathBuilder()

getKeyStores

KeyStoreMBean[] getKeyStores()

Deprecated. 8.1.0.0

Returns the KeyStore providers for this security realm (in invocation order).

setKeyStores

void setKeyStores(KeyStoreMBean[] keystores)
                  throws InvalidAttributeValueException

Deprecated. 8.1.0.0

Changes the invocation order of this security realm's KeyStore providers.

Parameters:

keystores - - The new invocation order for this security realm's KeyStore providers. It should contain exactly the same KeyStore providers that getKeyStores() returns, except in a different order. Note: For the purpose of backward compatibility with previous releases of WebLogic Server, keystores may also contain KeyStore providers that do not already belong to this security realm and are not contained by another security realm. In this circumstance, these KeyStore providers will be moved to this security realm. Similarly, keystores can be missing some of this security realm's current KeyStore providers. All missing KeyStore providers will be removed from this security realm. These behaviors are deprecated in this release of WebLogic Server and will be removed in a future release.

Throws:

InvalidAttributeValueException

getKeyStoreTypes

String[] getKeyStoreTypes()

Deprecated. 8.1.0.0

Returns the types of KeyStore providers that may be created in this security realm, for example, weblogic.security.providers.pk.DefaultKeyStore. Use this method to find the available types to pass to createKeyStore

createKeyStore

KeyStoreMBean createKeyStore(String name,
                             String type)
                             throws ClassNotFoundException,
                                    JMException

Deprecated. 8.1.0.0

Creates a KeyStore provider in this security realm. The new KeyStore provider is added to the end of the list of KeyStore providers configured in this security realm.

Parameters:

name - - The name of this KeyStore provider, for example, DefaultKeyStore

type - - The type of this KeyStore provider, for example, weblogic.security.providers.pk.DefaultKeyStore Use getKeyStoreTypes to find the list of types that may be specified.

Throws:

ClassNotFoundException - is thrown if an invalid type is specified.

JMException

createKeyStore

KeyStoreMBean createKeyStore(String type)
                             throws ClassNotFoundException,
                                    JMException

Deprecated. 8.1.0.0

Creates a KeyStore provider in this security realm. The new KeyStore provider is added to the end of the list of KeyStore providers configured in this security realm.

Parameters:

type - - The type of this KeyStore provider, for example, weblogic.security.providers.pk.DefaultKeyStore Use getKeyStoreTypes to find the list of types that may be specified.

Throws:

ClassNotFoundException - is thrown if an invalid type is specified.

JMException

destroyKeyStore

void destroyKeyStore(KeyStoreMBean keystore)

Deprecated. 8.1.0.0

Removes the configuration for a KeyStore provider in this security realm. It does not remove any persistent data for the KeyStore provider (such as databases or files). weblogic.management.configuration.SecurityConfigurationMBean.destroyRealm automatically removes the security realm's KeyStore providers.

Parameters:

keystore - - The KeyStore provider to remove.

lookupKeyStore

KeyStoreMBean lookupKeyStore(String name)

Deprecated. 8.1.0.0

Finds a KeyStore provider in this security realm. Returns null if this security realm has no KeyStore provider of the specified name.

getUserLockoutManager

UserLockoutManagerMBean getUserLockoutManager()

Returns the User Lockout Manager for this security realm.

isDeployRoleIgnored

boolean isDeployRoleIgnored()

Deprecated. 9.0.0.0

Returns whether role deployment calls on the security system are ignored or passed to the configured Role Mapping providers.

Changes take effect after you redeploy the module or restart the server.

Default Value:

false

setDeployRoleIgnored

void setDeployRoleIgnored(boolean ignored)
                          throws InvalidAttributeValueException

Deprecated. 9.0.0.0

Sets whether role deployment calls on the security system are ignored or passed to the configured Role Mapping providers.

Parameters:

ignored - - the new deploy role ignored value

Throws:

InvalidAttributeValueException

See Also:

RealmMBean.isDeployRoleIgnored()

isDeployPolicyIgnored

boolean isDeployPolicyIgnored()

Deprecated. 9.0.0.0

Returns whether policy deployment calls on the security system are ignored or passed to the configured Authorization providers.

Changes take effect after you redeploy the module or restart the server.

Default Value:

false

setDeployPolicyIgnored

void setDeployPolicyIgnored(boolean ignored)
                            throws InvalidAttributeValueException

Deprecated. 9.0.0.0

Sets whether policy deployment calls on the security system are ignored or passed to the configured Authorization providers.

Parameters:

ignored - - the new deploy policy ignored value

Throws:

InvalidAttributeValueException

See Also:

RealmMBean.isDeployPolicyIgnored()

isDeployCredentialMappingIgnored

boolean isDeployCredentialMappingIgnored()

Deprecated. 9.0.0.0

Returns whether credential mapping deployment calls on the security system are ignored or passed to the configured Credential Mapping providers.

Changes take effect after you redeploy the module or restart the server.

Default Value:

false

setDeployCredentialMappingIgnored

void setDeployCredentialMappingIgnored(boolean ignored)
                                       throws InvalidAttributeValueException

Deprecated. 9.0.0.0

Sets whether credential mapping deployment calls on the security system are ignored or passed to the configured Credential Mapping providers.

Parameters:

ignored - - the new deploy credential mapping ignored value.

Throws:

InvalidAttributeValueException

See Also:

RealmMBean.isDeployCredentialMappingIgnored()

isFullyDelegateAuthorization

boolean isFullyDelegateAuthorization()

Deprecated. 9.0.0.0

Returns whether the Web and EJB containers should call the security framework on every access.

If false the containers are free to only call the security framework when security is set in the deployment descriptors.

Default Value:

false

setFullyDelegateAuthorization

void setFullyDelegateAuthorization(boolean fullyDelegate)
                                   throws InvalidAttributeValueException

Deprecated. 9.0.0.0

Sets whether the Web and EJB containers should call the security framework on every access.

Parameters:

fullyDelegate - - the new fully delegate authorization value.

Throws:

InvalidAttributeValueException

See Also:

RealmMBean.isFullyDelegateAuthorization()

isValidateDDSecurityData

boolean isValidateDDSecurityData()

Not used in this release.

Changes take effect after you redeploy the module or restart the server.

Default Value:

false

setValidateDDSecurityData

void setValidateDDSecurityData(boolean validate)
                               throws InvalidAttributeValueException

Sets whether security data in the deployment descriptor is validated. This setting establishes the default value for applications deployed using the realm.

Parameters:

validate - - the new validate deployment descriptor security data value.

Throws:

InvalidAttributeValueException

See Also:

RealmMBean.isValidateDDSecurityData()

getSecurityDDModel

String getSecurityDDModel()

Specifies the default security model for Web applications or EJBs that are secured by this security realm. You can override this default during deployment.

Note:

If you deploy a module by modifying the domain's config.xml file and restarting the server, and if you do not specify a security model value for the module in config.xml, the module is secured with the default value of the AppDeploymentMBean SecurityDDModel attribute (see AppDeploymentMBean SecurityDDModel).

Choose one of these security models:

• Deployment Descriptors Only (DDOnly)
  • For EJBs and URL patterns, this model uses only the roles and policies in the J2EE deployment descriptors (DD); the Administration Console allows only read access for this data. With this model, EJBs and URL patterns are not protected by roles and policies of a broader scope (such as a policy scoped to an entire Web application). If an EJB or URL pattern is not protected by a role or policy in the DD, then it is unprotected: anyone can access it.
  • For application-scoped roles in an EAR, this model uses only the roles defined in the WebLogic Server DD; the Administration Console allows only read access for this data. If the WebLogic Server DD does not define roles, then there will be no such scoped roles defined for this EAR.
  • For all other types of resources, you can use the Administration Console to create roles or policies. For example, with this model, you can use the Administration Console to create application-scoped policies for an EAR.
  • Applies for the life of the deployment. If you want to use a different model, you must delete the deployment and reinstall it.
• Customize Roles Only (CustomRoles)
  • For EJBs and URL patterns, this model uses only the policies in the J2EE deployment descriptors (DD). EJBs and URL patterns are not protected by policies of a broader scope (such as a policy scoped to an entire Web application). This model ignores any roles defined in the DDs; an administrator completes the role mappings using the Administration Console.
  • For all other types of resources, you can use the Administration Console to create roles or policies. For example, with this model, you can use the Administration Console to create application-scoped policies or roles for an EAR.
  • Applies for the life of the deployment. If you want to use a different model, you must delete the deployment and reinstall it.
• Customize Roles and Policies (CustomRolesAndPolicies)
  • Ignores any roles and policies defined in deployment descriptors. An administrator uses the Administration Console to secure the resources.
  • Performs security checks for all URLs or EJB methods in the module.
  • Applies for the life of the deployment. If you want to use a different model, you must delete the deployment and reinstall it.
• Advanced (Advanced)

  You configure how this model behaves by setting values for the following options:

  • When Deploying Web Applications or EJBs

    Note:

    When using the WebLogic Scripting Tool or JMX APIs, there is no single MBean attribute for this setting. Instead, you must set the values for the DeployPolicyIgnored and DeployRoleIgnored attributes of RealmMBean.

  • Check Roles and Policies (FullyDelegateAuthorization)
  • Combined Role Mapping Enabled (CombinedRoleMappingEnabled)
  You can change the configuration of this model. Any changes immediately apply to all modules that use the Advanced model. For example, you can specify that all modules using this model will copy roles and policies from their deployment descriptors into the appropriate provider databases upon deployment. After you deploy all of your modules, you can change this behavior to ignore roles and policies in deployment descriptors so that when you redeploy modules they will not re-copy roles and policies.

  Note:

  Prior to WebLogic Server version 9.0 the Advanced model was the only security model available. Use this model if you want to continue to secure EJBs and Web Applications as in releases prior to 9.0.

See Also:

RealmMBean.isDeployPolicyIgnored(), RealmMBean.isDeployRoleIgnored(), RealmMBean.isFullyDelegateAuthorization(), RealmMBean.isCombinedRoleMappingEnabled()

Changes take effect after you redeploy the module or restart the server.

Default Value:

DeploymentModel.DD_ONLY

Valid Values:

DeploymentModel.DD_ONLY, DeploymentModel.CUSTOM_ROLES, DeploymentModel.CUSTOM_ROLES_POLICIES, DeploymentModel.ADVANCED

setSecurityDDModel

void setSecurityDDModel(String model)
                        throws InvalidAttributeValueException

Sets the default security deployment model for applications deployed in this security realm.

Parameters:

model - - the new default security deployment model.

Throws:

InvalidAttributeValueException

See Also:

RealmMBean.getSecurityDDModel()

isCombinedRoleMappingEnabled

boolean isCombinedRoleMappingEnabled()

Determines how the role mappings in the Enterprise Application, Web application, and EJB containers interact. This setting is valid only for Web applications and EJBs that use the Advanced security model and that initialize roles from deployment descriptors.

When enabled:

• Application role mappings are combined with EJB and Web application mappings so that all principal mappings are included. The Security Service combines the role mappings with a logical OR operator.
• If one or more policies in the web.xml file specify a role for which no mapping exists in the weblogic.xml file, the Web application container creates an empty map for the undefined role (that is, the role is explicitly defined as containing no principal). Therefore, no one can access URL patterns that are secured by such policies.
• If one or more policies in the ejb-jar.xml file specify a role for which no mapping exists in the weblogic-ejb-jar.xml file, the EJB container creates an empty map for the undefined role (that is, the role is explicitly defined as containing no principal). Therefore, no one can access methods that are secured by such policies.

When disabled:

• Role mappings for each container are exclusive to other containers unless defined by the <externally-defined> descriptor element.
• If one or more policies in the web.xml file specify a role for which no role mapping exists in the weblogic.xml file, the Web application container assumes that the undefined role is the name of a principal. It therefore maps the assumed principal to the role name. For example, if the web.xml file contains the following stanza in one of its policies:
  <auth-constraint> <role-name>PrivilegedUser</role-name> </auth-constraint>
  but the weblogic.xml file has no role mapping for PrivilegedUser, then the Web application container creates an in-memory mapping that is equivalent to the following stanza:
  <security-role-assignment> <role-name>PrivilegedUser</role-name> <principal-name>PrivilegedUser</principal-name> </security-role-assignment>
• Role mappings for EJB methods must be defined in the weblogic-ejb-jar.xml file. Role mappings defined in the other containers are not used unless defined by the <externally-defined> descriptor element.

Note:

For all applications previously deployed in version 8.1 and upgraded to version 9.x, the combining role mapping is disabled by default.

Since:

9.0.0.0

Changes take effect after you redeploy the module or restart the server.

Default Value:

true

setCombinedRoleMappingEnabled

void setCombinedRoleMappingEnabled(boolean combined)
                                   throws InvalidAttributeValueException

Sets whether application role mappings are combined by the J2EE containers.

If false the containers need enternally defined mappings to use application role mappings.

Parameters:

combined - - the new combined role mapping value.

Throws:

InvalidAttributeValueException

Since:

9.0.0.0

See Also:

RealmMBean.isCombinedRoleMappingEnabled()

validate

void validate()
              throws ErrorCollectionException

Deprecated. 9.0.0.0 This method is no longer required since activating a configuration transaction does this check automatically on the default realm, and will not allow the configuration to be saved if the domain does not have a valid default realm configured.

Checks that the realm is valid.

Throws:

ErrorCollectionException - if this security realm is not valid. The exception contains a list of , one for each reason this security realm is not valid. The text of each exception describes the problem.

isDefaultRealm

boolean isDefaultRealm()

Deprecated. 9.0.0.0 Replaced by SecurityConfigurationMBean.getDefaultRealm()

Returns whether this security realm is the Default realm for the WebLogic domain. Deprecated in this release of WebLogic Server and replaced by weblogic.management.configuration.SecurityConfigurationMBean.getDefaultRealm.

setDefaultRealm

void setDefaultRealm(boolean isDefault)
                     throws InvalidAttributeValueException

Deprecated. 9.0.0.0 Replaced by SecurityConfigurationMBean.setDefaultRealm(weblogic.management.security.RealmMBean)

Determines whether is security realm is the Default realm for the WebLogic domain. Deprecated in this release of WebLogic Server and replaced by weblogic.management.configuration.SecurityConfigurationMBean.setDefautlRealm.

Parameters:

isDefault - - whether or not this security realm is the Default realm for the WebLogic domain.

Throws:

InvalidAttributeValueException

Default Value:

false

isEnableWebLogicPrincipalValidatorCache

boolean isEnableWebLogicPrincipalValidatorCache()

Returns whether the WebLogic Principal Validator caching is enabled.

The Principal Validator is used by Oracle supplied authentication providers and may be used by custom authentication providers. If enabled, the default principal validator will cache WebLogic Principal signatures.

Default Value:

true

setEnableWebLogicPrincipalValidatorCache

void setEnableWebLogicPrincipalValidatorCache(boolean enabled)
                                              throws InvalidAttributeValueException

Sets whether the WebLogic Principal Validator caching is enabled.

Parameters:

enabled - - the new enable weblogic principal validator cache value.

Throws:

InvalidAttributeValueException

See Also:

RealmMBean.isEnableWebLogicPrincipalValidatorCache()

getMaxWebLogicPrincipalsInCache

Integer getMaxWebLogicPrincipalsInCache()

Returns the maximum size of the LRU cache for holding WebLogic Principal signatures. This value is only used if EnableWebLogicPrincipalValidatorCache is set to true

Default Value:

new Integer(500)

setMaxWebLogicPrincipalsInCache

void setMaxWebLogicPrincipalsInCache(Integer size)
                                     throws InvalidAttributeValueException

Sets the maximum size of the LRU cache for holding WebLogic Principal signatures.

Parameters:

size - - the new weblogic principals maximum cache size

Throws:

InvalidAttributeValueException

See Also:

RealmMBean.getMaxWebLogicPrincipalsInCache()

getName

String getName()

The name of this configuration. WebLogic Server uses an MBean to implement and persist the configuration.

Default Value:

"Realm"

isDelegateMBeanAuthorization

boolean isDelegateMBeanAuthorization()

Configures the WebLogic Server MBean servers to use the security realm's Authorization providers to determine whether a JMX client has permission to access an MBean attribute or invoke an MBean operation.

You can continue to use WebLogic Server's default security settings or modify the defaults to suit your needs.

If you do not delegate authorization to the realm's Authorization providers, the WebLogic MBean servers allow access only to the four default security roles (Admin, Deployer, Operator, and Monitor) and only as specified by WebLogic Server's default security settings.

Since:

9.1.0.0

See Also:

Default Security Policies for MBeans

Default Value:

false

setDelegateMBeanAuthorization

void setDelegateMBeanAuthorization(boolean deleteMBeanAuthorization)
                                   throws InvalidAttributeValueException

Sets the value of the DelegateMBeanAuthorization attribute.

Parameters:

delegateMBeanAuthorization - - the new delegate MBean authorization value.

Throws:

InvalidAttributeValueException

Since:

9.1.0.0

See Also:

RealmMBean.isDelegateMBeanAuthorization()

getAuthMethods

String getAuthMethods()

Returns a comma separated string of authentication methods that should be used when the Web application specifies "REALM" as its auth-method. The authentication methods will be applied in order in which they appear in the list.

Since:

9.2.0.0

setAuthMethods

void setAuthMethods(String methods)

Set the authentication methods that should be used when the Web application specifies "REALM" as its auth-method.

getRDBMSSecurityStore

RDBMSSecurityStoreMBean getRDBMSSecurityStore()

Returns RDBMSSecurityStoreMBean for this realm, which is a singleton MBean describing RDBMS security store configuration.

Returns:

the reference to RDBMSSecurityStoreMBean or null if the RDBMS security store is not configured in this realm

See Also:

RealmMBean.createRDBMSSecurityStore()

createRDBMSSecurityStore

RDBMSSecurityStoreMBean createRDBMSSecurityStore()
                                                 throws JMException

Creates configuration for the RDBMS security store. This can be called only once unless the existing instance is destroyed by invoking destroyRDBMSSecurityStore operation. The new security store MBean will have this realm as its parent.

Returns:

a RDBMS security store instance.

Throws:

JMException - if an error occurs when creating a RDBMS security store

See Also:

RealmMBean.destroyRDBMSSecurityStore()

createRDBMSSecurityStore

RDBMSSecurityStoreMBean createRDBMSSecurityStore(String name)
                                                 throws JMException

Creates configuration for the RDBMS security store with the specified name. This can be called only once unless the existing instance is destroyed by invoking destroyRDBMSSecurityStore operation. The new security store MBean will have this realm as its parent.

Parameters:

name - the name of this RDBMS security store

Returns:

a RDBMS security store instance.

Throws:

JMException - if an error occurs when creating a RDBMS security store

See Also:

RealmMBean.destroyRDBMSSecurityStore()

destroyRDBMSSecurityStore

void destroyRDBMSSecurityStore()

Destroys and removes the existing RDBMS security store which is a child of this realm. It only removes the security store configuration, not any data persisted in the store.

See Also:

RealmMBean.createRDBMSSecurityStore()

createPasswordValidator

PasswordValidatorMBean createPasswordValidator(Class subClass,
                                               String name)
                                               throws JMException

Creates a Password Validator provider in this security realm. The new Password Validator provider is added to the end of the list of Password Validator providers configured in this security realm.

Parameters:

subClass - Class The class of a Password Validator provider MBean implementation

name - String The name for the given Password Validator provider MBean

Returns:

PasswordValidatorMBean

Throws:

JMException

Since:

10.0

createPasswordValidator

PasswordValidatorMBean createPasswordValidator(String name,
                                               String type)
                                               throws ClassNotFoundException,
                                                      JMException

Creates a Password Validator provider in this security realm. The new Password Validator provider is added to the end of the list of Password Validator providers configured in this security realm.

Parameters:

name - String The name for the given Password Validator provider MBean

type - String The type of a Password Validator provider, all available types are in method getPasswordValidatorTypes

Returns:

PasswordValidatorMBean

Throws:

ClassNotFoundException

JMException

Since:

10.0

createPasswordValidator

PasswordValidatorMBean createPasswordValidator(String type)
                                               throws ClassNotFoundException,
                                                      JMException

Creates a Password Validator provider in this security realm. The new Password Validator provider is added to the end of the list of Password Validator providers configured in this security realm.

Parameters:

type - String The type of a Password Validator provider, all available types are in method getPasswordValidatorTypes

Returns:

PasswordValidatorMBean

Throws:

ClassNotFoundException

JMException

Since:

10.0

getPasswordValidatorTypes

String[] getPasswordValidatorTypes()

Returns the types of Password Validator providers that may be created in this security realm, for example, com.bea.security.providers.authentication.passwordvalidator.SystemPasswordValidator. Use this method to find the available types to pass to createPasswordValidator

Since:

10.0

getPasswordValidators

PasswordValidatorMBean[] getPasswordValidators()

Returns the Password Validator providers for this security realm (in invocation order).

Since:

10.0

setPasswordValidators

void setPasswordValidators(PasswordValidatorMBean[] passwordvalidators)
                           throws InvalidAttributeValueException

Sets the Password Validator providers for this security realm (in invocation order).

Parameters:

passwordvalidators - - The password validator providers to be set for this security realm.

Throws:

InvalidAttributeValueException

lookupPasswordValidator

PasswordValidatorMBean lookupPasswordValidator(String name)

Finds an Password Validator provider in this security realm. Returns null if this security realm has no Password Validator provider with the specified name.

Parameters:

name - String The name of a Password Validator provider MBean

Returns:

PasswordValidatorMBean

Since:

10.0

destroyPasswordValidator

void destroyPasswordValidator(PasswordValidatorMBean provider)

Removes the configuration for a Password Validator provider in this security realm.

Parameters:

provider - PasswordValidatorMBean The Password Validator provider to remove

Since:

10.0

isDeployableProviderSynchronizationEnabled

boolean isDeployableProviderSynchronizationEnabled()

Specifies whether synchronization for deployable Authorization and Role Mapping providers is enabled.

The Authorization and Role Mapping providers may or may not support parallel security policy and role modification, respectively, in the security provider database. If the security providers do not support parallel modification, the WebLogic Security Framework enforces a synchronization mechanism that results in each application and module being placed in a queue and deployed sequentially.

Since:

10.3

Default Value:

false

setDeployableProviderSynchronizationEnabled

void setDeployableProviderSynchronizationEnabled(boolean enabled)
                                                 throws InvalidAttributeValueException

Specifies whether synchronization for deployable Authorization and Role Mapping providers is enabled.

Parameters:

enabled - - the new value indicating whether the synchronization for deployable Authorization and Role Mapping providers is enabled

Throws:

InvalidAttributeValueException

Since:

10.3

See Also:

RealmMBean.isDeployableProviderSynchronizationEnabled()

getDeployableProviderSynchronizationTimeout

Integer getDeployableProviderSynchronizationTimeout()

Returns the timeout value, in milliseconds, for the deployable security provider synchronization operation. This value is only used if DeployableProviderSynchronizationEnabled is set to true

Since:

10.3

Default Value:

new Integer(60000)

setDeployableProviderSynchronizationTimeout

void setDeployableProviderSynchronizationTimeout(Integer timeout)
                                                 throws InvalidAttributeValueException

Specifies the timeout value, in milliseconds, for the deployable security provider synchronization operation.

Parameters:

timeout - - the new timeout value (in milliseconds)

Throws:

InvalidAttributeValueException

Since:

10.3

See Also:

RealmMBean.getDeployableProviderSynchronizationTimeout()