Provides domain-wide security configuration information.
Since | 7.0.0.0 |
Fully Qualified Interface Name | If you use the getMBeanInfo operation in MBeanTypeServiceMBean, supply the following value as this MBean's fully qualified interface name:weblogic.management.configuration.SecurityConfigurationMBean
|
Factory Methods | No factory methods. Instances of this MBean are created automatically. |
This section describes attributes that provide access to other MBeans.
Determines the domain's X509 certificate revocation checking configuration.
A CertRevocMBean is always associated with a domain's security configuration and cannot be changed, although CertRevocMBean attributes may be changed as documented.
Factory Methods | No explicit creator method. The child shares the lifecycle of its parent. |
Privileges | Read only |
Type | CertRevocMBean |
Relationship type: | Containment. |
Returns the default security realm or null if no realm has been selected as the default security realm.
Lookup Operation | lookupRealm(String name)
Returns a |
Privileges | Read/Write |
Type | RealmMBean |
Relationship type: | Reference. |
Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. |
Returns all the realms in the domain.
Factory Methods | createRealm
(java.lang.String name)
Factory methods do not return objects. |
Lookup Operation | lookupRealm(String name)
Returns a |
Privileges | Read only |
Type | RealmMBean[] |
Relationship type: | Containment. |
This section describes the following attributes:
Returns true if anonymous JNDI access for Admin MBean home is
permitted. This is overridden by the Java property
-Dweblogic.management.anonymousAdminLookupEnabled
.
Privileges | Read/Write |
Type | boolean |
Private property that disables caching in proxies.
Privileges | Read only |
Type | boolean |
Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. |
Returns true if allow access to credential in clear text. This
can be overridden by the system property
-Dweblogic.management.clearTextCredentialAccessEnabled
Privileges | Read/Write |
Type | boolean |
Specifies whether this WebLogic Server domain enables compatiblity with previous connection filters.
This attribute changes the protocols names used when filtering needs to be performed.
Available Since | Release 9.0.0.0 |
Privileges | Read/Write |
Type | boolean |
The name of the Java class that implements a connection filter (that is, the weblogic.security.net.ConnectionFilter interface). If no class name is specified, no connection filter will be used.
This attribute replaces the deprecated ConnectionFilter attribute on the SecurityMBean.
Available Since | Release 9.0.0.0 |
Privileges | Read/Write |
Type | java.lang.String |
The rules used by any connection filter that implements the ConnectionFilterRulesListener interface. When using the default implementation and when no rules are specified, all connections are accepted. The default implementation rules are in the format: target localAddress localPort action protocols.
This attribute replaces the deprecated ConnectionFilterRules attribute on the SecurityMBean.
Available Since | Release 9.0.0.0 |
Privileges | Read/Write |
Type | class java.lang.String[] |
Specifies whether this WebLogic Server domain should log accepted connections.
This attribute can be used by a system administrator to dynamically check the incoming connections in the log file to determine if filtering needs to be performed.
This attribute replaces the deprecated ConnectionLoggerEnabled attribute on the SecurityMBean.
Available Since | Release 9.0.0.0 |
Privileges | Read/Write |
Type | boolean |
Indicates whether the console is enabled for fully delegate authorization.
Available Since | Release 9.2.0.0 |
Privileges | Read/Write |
Type | boolean |
The password for the domain. In WebLogic Server version 6.0, this attribute was the password of the system user. In WebLogic Server version 7.0, this attribute can be any string. For the two domains to interoperate, the string must be the same for both domains.
When you set the value of this attribute, WebLogic Server does the following:
Encrypts the value.
Sets the value of the UserPasswordEncrypted
attribute to the encrypted value.
For more information, see:
Privileges | Read/Write |
Type | java.lang.String |
Encrypted | true |
The encrypted password for the domain. In WebLogic Server version 6.0, this attribute was the password of the system user. In WebLogic Server version 7.0, this attribute can be any string. For the two domains to interoperate, the string must be the same for both domains.
To set this attribute, pass an unencrypted string to the MBean
server's setAttribute
method. WebLogic Server encrypts
the value and sets the attribute to the encrypted value.
Privileges | Read/Write |
Type | byte[] |
Encrypted | true |
Indicates whether or not cross-domain security is enabled
Privileges | Read/Write |
Type | boolean |
Whether or not to downgrade to anonymous principals that cannot be verified. This is useful for server-server communication between untrusted domains.
Available Since | Release 9.0.0.0 |
Privileges | Read/Write |
Type | boolean |
Whether or not the system should enforce strict URL pattern or not.
Available Since | Release 9.0.0.0 |
Privileges | Read/Write |
Type | boolean |
Default Value | true |
Whether or not the system should allow requests with invalid Basic Authentication credentials to access unsecure resources.
Available Since | Release 9.2 |
Privileges | Read/Write |
Type | boolean |
Default Value | true |
Specifies a list of remote domains for which cross-domain check should not be applied.
Available Since | Release 10.0 |
Privileges | Read/Write |
Type | class java.lang.String[] |
Returns the MBean info for this MBean.
Deprecated.
Privileges | Read only |
Type | javax.management.MBeanInfo |
Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. |
The user-specified name of this MBean instance.
This name is included as one of the key properties in the
MBean's javax.management.ObjectName
:
Name=user-specified-name
Privileges | Read/Write |
Type | java.lang.String |
The password that the Administration Server uses to communicate with Node Manager when starting, stopping, or restarting Managed Servers.
When you get the value of this attribute, WebLogic Server does the following:
Retrieves the value of the
NodeManagerPasswordEncrypted
attribute.
Decrypts the value and returns the unencrypted password as a String.
When you set the value of this attribute, WebLogic Server does the following:
Encrypts the value.
Sets the value of the NodeManagerPasswordEncrypted
attribute to the encrypted value.
Using this attribute (NodeManagerPassword
) is a
potential security risk because the String object (which contains
the unencrypted password) remains in the JVM's memory until garbage
collection removes it and the memory is reallocated. Depending on
how memory is allocated in the JVM, a significant amount of time
could pass before this unencrypted data is removed from memory.
Instead of using this attribute, you should use
NodeManagerPasswordEncrypted
.
For more information, see:
Available Since | Release 9.0.0.0 |
Privileges | Read/Write |
Type | java.lang.String |
Encrypted | true |
The password that the Administration Server passes to a Node Manager when it instructs the Node Manager to start, stop, or restart Managed Servers.
To set this attribute, use
weblogic.management.EncryptionHelper.encrypt()
to
encrypt the value. Then set this attribute to the output of the
encrypt() method.
To compare a password that a user enters with the encrypted
value of this attribute, go to the same WebLogic Server instance
that you used to set and encrypt this attribute and use
weblogic.management.EncryptionHelper.encrypt()
to
encrypt the user-supplied password. Then compare the encrypted
values.
Available Since | Release 9.0.0.0 |
Privileges | Read/Write |
Type | byte[] |
Default Value | |
Encrypted | true |
The user name that the Administration Server uses to communicate with Node Manager when starting, stopping, or restarting Managed Servers.
Available Since | Release 9.0.0.0 |
Privileges | Read/Write |
Type | java.lang.String |
Default Value |
Optional information that you can include to describe this configuration.
WebLogic Server saves this note in the domain's configuration
file (config.xml
) as XML PCDATA. All left angle
brackets (<) are converted to the XML entity
<
. Carriage returns/line feeds are
preserved.
If you create or edit a note from the Administration Console, the Administration Console does not preserve carriage returns/line feeds.
Privileges | Read/Write |
Type | java.lang.String |
Returns the ObjectName under which this MBean is registered in the MBean server.
Deprecated.
Privileges | Read only |
Type | weblogic.management.WebLogicObjectName |
Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. |
Return the immediate parent for this MBean
Privileges | Read/Write |
Type |
Specifies whether the WebLogic Server principal name is compared using a case insensitive match when the equals method for the principal object is performed.
If this attribute is enabled, matches are case insensitive.
Note: Note that principal comparison is not used by the WebLogic Security Service to determine access to protected resources. This attribute is intended for use with JAAS authorization, which may require case insensitive principal matching behavior.
Privileges | Read/Write |
Type | boolean |
Specifies whether the GUID and DN data in a WebLogic Server principal object are used when the equals method of that object is invoked.
If enabled, the GUID and DN data (if included among the attributes in a WebLogic Server principal object) and the principal name are compared when this method is invoked.
Privileges | Read/Write |
Type | boolean |
Returns false if the MBean represented by this object has been unregistered.
Deprecated.
Privileges | Read only |
Type | boolean |
Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. |
Returns the type of the MBean.
Privileges | Read only |
Type | java.lang.String |
Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. |
This property defines the case sensitive URL-pattern matching
behavior for security constraints, servlets, filters,
virtual-hosts, and so on, in the Web application container and
external security policies. Note: This is a Windows-only
flag that is provided for backward compatibility when upgrading
from pre-9.0 versions of WebLogic Server. On Unix platforms,
setting this value to true
causes undesired behavior
and is not supported. When the value is set to os
, the
pattern matching will be case- sensitive on all platforms except
the Windows file system. Note that on non-Windows file systems,
WebLogic Server does not enforce case sensitivity and relies on the
file system for optimization. As a result, if you have a Windows
Samba mount from Unix or Mac OS that has been installed in
case-insensitive mode, there is a chance of a security risk. If so,
specify case-insensitive lookups by setting this attribute to
true
. Note also that this property is used to preserve
backward compatibility on Windows file systems only. In prior
releases, WebLogic Server was case- insensitive on Windows. As of
WebLogic Server 9.0, URL-pattern matching is strictly enforced.
During the upgrade of older domains, the value of this parameter is
explicitly set to os
by the upgrade plug-in to
preserve backward compatibility.
Privileges | Read/Write |
Type | java.lang.String |
Default Value | false |
Legal Values |
|
This section describes the following operations:
Finds the default security realm. Returns null if a default security realm is not defined.
Deprecated.
Operation Name | "findDefaultRealm" |
Parameters | null |
Signature | null |
Returns | RealmMBean |
Finds a realm by name (that is, by the display name of the realm). Returns null no realm with that name has been defined. Throws a configuration error if there are multiple matches.
Deprecated.
Operation Name | "findRealm" |
Parameters | Object [] { realmDisplayName }
where:
|
Signature | String [] {
"java.lang.String" } |
Returns | RealmMBean |
Returns all the realms in the domain.
Deprecated.
Operation Name | "findRealms" |
Parameters | null |
Signature | null |
Returns |
class |
If the specified attribute has not been set explicitly, and if the attribute has a default value, this operation forces the MBean to persist the default value.
Unless you use this operation, the default value is not saved and is subject to change if you update to a newer release of WebLogic Server. Invoking this operation isolates this MBean from the effects of such changes.
To insure that you are freezing the default value, invoke the
restoreDefaultValue
operation before you invoke
this.
This operation has no effect if you invoke it on an attribute that does not provide a default value or on an attribute for which some other value has been set.
Deprecated.
Operation Name | "freezeCurrentValue" |
Parameters | Object [] { attributeName }
where:
|
Signature | String [] {
"java.lang.String" } |
Returns |
void
|
Exceptions |
|
Generates a new encrypted byte array which can be use when calling #setCredentialEncrypted
Operation Name | "generateCredential" |
Parameters | null |
Signature | null |
Returns |
class |
Returns true if the specified attribute has been set explicitly in this MBean instance.
Operation Name | "isSet" |
Parameters | Object [] { propertyName }
where:
|
Signature | String [] {
"java.lang.String" } |
Returns |
boolean
|
If the specified attribute has a default value, this operation removes any value that has been set explicitly and causes the attribute to use the default value.
Default values are subject to change if you update to a newer
release of WebLogic Server. To prevent the value from changing if
you update to a newer release, invoke the
freezeCurrentValue
operation.
This operation has no effect if you invoke it on an attribute that does not provide a default value or on an attribute that is already using the default.
Deprecated.
Operation Name | "restoreDefaultValue" |
Parameters | Object [] { attributeName }
where:
|
Signature | String [] {
"java.lang.String" } |
Returns |
void
|
Exceptions |
|
Restore the given property to its default value.
Operation Name | "unSet" |
Parameters | Object [] { propertyName }
where:
|
Signature | String [] {
"java.lang.String" } |
Returns |
void
|