Oracle Fusion Middleware Java API Reference for Oracle WebLogic Server 12c (12.2.1) Part Number E55141-01 P4 Change 1723563 on 2015/10/09
public interface SecurityConfigurationMBean
Provides domain-wide security configuration information.
Field Summary |
---|
Fields inherited from interface weblogic.management.configuration.ConfigurationMBean |
---|
DEFAULT_EMPTY_BYTE_ARRAY |
Method Summary | |
---|---|
abstract RealmMBean | createRealm() Creates a realm. |
abstract RealmMBean | createRealm(String name) Creates a realm. |
abstract void | destroyRealm(RealmMBean realm) Destroys a realm. |
abstract RealmMBean | findDefaultRealm() Deprecated. 9.0.0.0 Replaced by SecurityConfigurationMBean.getDefaultRealm() |
abstract RealmMBean | findRealm(String realmDisplayName) Deprecated. 9.0.0.0 Replaced by SecurityConfigurationMBean.lookupRealm(java.lang.String) |
abstract RealmMBean[] | findRealms() Deprecated. 9.0.0.0 Replaced by SecurityConfigurationMBean.getRealms() |
abstract byte[] | generateCredential() Generates a new encrypted byte array which can be used when calling setCredentialEncrypted. |
abstract String | getAdministrativeIdentityDomain() Domain's administrative identity domain. |
abstract CertRevocMBean | getCertRevoc() Determines the domain's X509 certificate revocation checking configuration. |
abstract boolean | getCompatibilityConnectionFiltersEnabled() Specifies whether this WebLogic Server domain enables compatibility with previous connection filters. |
abstract String | getConnectionFilter() The name of the Java class that implements a connection filter (that is, the weblogic.security.net.ConnectionFilter interface). |
abstract String[] | getConnectionFilterRules() The rules used by any connection filter that implements the ConnectionFilterRulesListener interface. |
abstract boolean | getConnectionLoggerEnabled() Specifies whether this WebLogic Server domain should log accepted connections. |
abstract RealmMBean | getDefaultRealm() Returns the default security realm or null if no realm has been selected as the default security realm. |
abstract RealmMBean | getDefaultRealmInternal() |
abstract boolean | getDowngradeUntrustedPrincipals() Whether or not to downgrade to anonymous principals that cannot be verified. |
abstract boolean | getEnforceStrictURLPattern() Whether or not the system should enforce strict URL pattern. |
abstract boolean | getEnforceValidBasicAuthCredentials() Whether or not the system should allow requests with invalid Basic Authentication credentials to access unsecure resources. |
abstract String[] | getExcludedDomainNames() Specifies a list of remote domains for which cross-domain check should not be applied. |
abstract JASPICMBean | getJASPIC() Creates a Jaspic MBean from which AuthConfigProviders can be created and configured. |
abstract String | getNodeManagerPassword() The password that the Administration Server uses to communicate with Node Manager when starting, stopping, or restarting Managed Servers. |
abstract byte[] | getNodeManagerPasswordEncrypted() The password that the Administration Server passes to a Node Manager when it instructs the Node Manager to start, stop, or restart Managed Servers. |
abstract String | getNodeManagerUsername() The user name that the Administration Server uses to communicate with Node Manager when starting, stopping, or restarting Managed Servers. |
abstract int | getNonceTimeoutSeconds() Returns the value of the nonce timeout in seconds. |
abstract RealmMBean[] | getRealms() Returns all the realms in the domain. |
abstract String | getWebAppFilesCaseInsensitive() This property defines the case sensitive URL-pattern matching behavior for security constraints, servlets, filters, virtual-hosts, and so on, in the Web application container and external security policies. |
abstract boolean | isAnonymousAdminLookupEnabled() Deprecated. 12.2.1.0 |
abstract boolean | isClearTextCredentialAccessEnabled() Returns true if access to credentials in clear text is allowed. |
abstract boolean | isConsoleFullDelegationEnabled() Indicates whether the console is enabled for fully delegated authorization. |
abstract boolean | isCrossDomainSecurityEnabled() Indicates whether or not cross-domain security is enabled. |
abstract boolean | isIdentityDomainAwareProvidersRequired() Returns true if all role mapping, authorization, credential mapping, and audit providers configured in the domain must support the IdentityDomainAwareProviderMBean interface's administrative identity domain. |
abstract boolean | isIdentityDomainDefaultEnabled() Returns true if identity domain values should be defaulted for the Administrative Identity Domain, Partition Primary Identity Domain, and Default Authenticator Identity Domain attributes. |
abstract boolean | isPrincipalEqualsCaseInsensitive() Specifies whether the WebLogic Server principal name is compared using a case insensitive match when the equals method for the principal object is performed. |
abstract boolean | isPrincipalEqualsCompareDnAndGuid() Specifies whether the GUID and DN data in a WebLogic Server principal object are used when the equals method of that object is invoked. |
abstract boolean | isUseKSSForDemo() Determines whether the Demo Identity and Demo Trust key stores should be obtained from the Oracle Key Store Service (KSS). |
abstract RealmMBean | lookupRealm(String name) Finds a realm given its name. |
abstract void | setAdministrativeIdentityDomain(String identityDomain) Set this domain's administrative identity domain. |
abstract void | setAnonymousAdminLookupEnabled(boolean permit) Permits anonymous JNDI access to get the Admin MBean home. |
abstract void | setClearTextCredentialAccessEnabled(boolean enabled) Allows access to the clear-text password. |
abstract void | setCompatibilityConnectionFiltersEnabled(boolean compatibility) |
abstract void | setConnectionFilter(String filter) |
abstract void | setConnectionFilterRules(String[] filterList) |
abstract void | setConnectionLoggerEnabled(boolean logging) |
abstract void | setConsoleFullDelegationEnabled(boolean enabled) Enables the console to operate with fully delegated authorization. |
abstract void | setCredential(String credential) As of 8.1 sp4, this method does the following: |
abstract void | setCredentialEncrypted(byte[] bytes) Encrypts and sets the value of the CredentialEncrypted attribute. |
abstract void | setCrossDomainSecurityEnabled(boolean enabled) Turns on/off the cross-domain security. |
abstract void | setDefaultRealm(RealmMBean defaultRealm) Sets the default security realm. |
abstract void | setDefaultRealmInternal(RealmMBean def) |
abstract void | setDowngradeUntrustedPrincipals(boolean downgrade) |
abstract void | setEnforceStrictURLPattern(boolean enforceStrictURLPattern) |
abstract void | setEnforceValidBasicAuthCredentials(boolean allow) |
abstract void | setExcludedDomainNames(String[] remoteDomains) Specifies a list of remote domains for which cross-domain check should not be applied. |
abstract void | setIdentityDomainAwareProvidersRequired(boolean requireIdentityDomain) Set whether providers must support the IdentityDomainAwareProviderMBean interface. |
abstract void | setIdentityDomainDefaultEnabled(boolean enabled) Set whether identity domain default values are enabled. |
abstract void | setNodeManagerPassword(String password) Sets the value of the NodeManagerPassword attribute. |
abstract void | setNodeManagerPasswordEncrypted(byte[] bytes) Sets the value of the NodeManagerPassword attribute. |
abstract void | setNodeManagerUsername(String username) Sets the node manager username for the domain. |
abstract void | setNonceTimeoutSeconds(int timeout) Sets the value of the nonce timeout in seconds. |
abstract void | setPrincipalEqualsCaseInsensitive(boolean principalEqualsCaseInsensitive) Sets the value of the PrincipalEqualsCaseInsensitive attribute. |
abstract void | setPrincipalEqualsCompareDnAndGuid(boolean principalEqualsCompareDnAndGuid) Sets the value of the UseGUIDandDNinEqual attribute. |
abstract void | setUseKSSForDemo(boolean useKss) Specifies that the Demo Identity and Demo Trust key stores should be obtained from the Oracle Key Store Service (KSS). |
abstract void | setWebAppFilesCaseInsensitive(String caseInsensitive) Sets the value for the WebAppFilesCaseInsensitive. |
Methods inherited from interface weblogic.management.configuration.ConfigurationMBean |
---|
freezeCurrentValue, getId, getInheritedProperties, getName, getNotes, isDynamicallyCreated, isInherited, isSet, restoreDefaultValue, setComments, setDefaultedMBean, setName, setNotes, setPersistenceEnabled, unSet |
Methods inherited from interface weblogic.management.WebLogicMBean |
---|
getMBeanInfo, getObjectName, getParent, getType, isCachingDisabled, isRegistered, setParent |
Methods inherited from interface javax.management.DynamicMBean |
---|
getAttribute, getAttributes, invoke, setAttribute, setAttributes |
Methods inherited from interface javax.management.MBeanRegistration |
---|
postDeregister, postRegister, preDeregister, preRegister |
Methods inherited from interface javax.management.NotificationBroadcaster |
---|
addNotificationListener, getNotificationInfo, removeNotificationListener |
Methods inherited from interface weblogic.descriptor.DescriptorBean |
---|
addPropertyChangeListener, createChildCopyIncludingObsolete, getParentBean, isEditable, removePropertyChangeListener |
Method Detail |
---|
JASPICMBean getJASPIC()
RealmMBean createRealm(String name) throws JMException
name - The name of this realm, for example, myrealm
JMException
RealmMBean createRealm() throws JMException
JMException
void destroyRealm(RealmMBean realm)
realm -
RealmMBean[] getRealms()
RealmMBean lookupRealm(String name)
realm -
RealmMBean[] findRealms()
SecurityConfigurationMBean.getRealms()
RealmMBean findDefaultRealm()
SecurityConfigurationMBean.getDefaultRealm()
RealmMBean findRealm(String realmDisplayName)
SecurityConfigurationMBean.lookupRealm(java.lang.String)
realmDisplayName - A String containing the realm's display name.
RealmMBean getDefaultRealm()
void setDefaultRealm(RealmMBean defaultRealm) throws InvalidAttributeValueException
defaultRealm - The new default realm. Use null to specify that there is no default realm.
InvalidAttributeValueException
boolean isAnonymousAdminLookupEnabled()
Returns true if anonymous JNDI access for Admin MBean home is permitted. This is overridden by the Java property -Dweblogic.management.anonymousAdminLookupEnabled.
void setAnonymousAdminLookupEnabled(boolean permit)
Permits anonymous JNDI access to get the Admin MBean home.
permit - The new value.
SecurityConfigurationMBean.isAnonymousAdminLookupEnabled()
boolean isClearTextCredentialAccessEnabled()
Returns true if access to credentials in clear text is allowed. This can be overridden by the system property -Dweblogic.management.clearTextCredentialAccessEnabled.
void setClearTextCredentialAccessEnabled(boolean enabled)
Allows access to the clear-text password.
enabled - The new value.
SecurityConfigurationMBean.isClearTextCredentialAccessEnabled()
byte[] generateCredential()
Generates a new encrypted byte array which can be used when calling setCredentialEncrypted.
void setCredential(String credential) throws InvalidAttributeValueException
As of 8.1 sp4, this method does the following:
CredentialEncrypted attribute to the encrypted parameter value.
credential - The new credential value
InvalidAttributeValueException
SecurityConfigurationMBean.getCredential(), SecurityConfigurationMBean.setCredentialEncrypted(byte[] bytes)
void setCredentialEncrypted(byte[] bytes) throws InvalidAttributeValueException
Encrypts and sets the value of the CredentialEncrypted attribute.
bytes - The new credential value as a byte array.
InvalidAttributeValueException
SecurityConfigurationMBean.getCredentialEncrypted()
String getWebAppFilesCaseInsensitive()
This property defines the case sensitive URL-pattern matching behavior for security constraints, servlets, filters, virtual-hosts, and so on, in the Web application container and external security policies. Note: This is a Windows-only flag that is provided for backward compatibility when upgrading from pre-9.0 versions of WebLogic Server. On Unix platforms, setting this value to true causes undesired behavior and is not supported.
When the value is set to os, the pattern matching will be case-sensitive on all platforms except the Windows file system. Note that on non-Windows file systems, WebLogic Server does not enforce case sensitivity and relies on the file system for optimization. As a result, if you have a Windows Samba mount from Unix or Mac OS that has been installed in case-insensitive mode, there is a chance of a security risk. If so, specify case-insensitive lookups by setting this attribute to true.
Note also that this property is used to preserve backward compatibility on Windows file systems only. In prior releases, WebLogic Server was case-insensitive on Windows. As of WebLogic Server 9.0, URL-pattern matching is strictly enforced. During the upgrade of older domains, the value of this parameter is explicitly set to os by the upgrade plug-in to preserve backward compatibility.
void setWebAppFilesCaseInsensitive(String caseInsensitive) throws InvalidAttributeValueException
Sets the value for the WebAppFilesCaseInsensitive.
caseInsensitive - The new value caseInsensitive.
InvalidAttributeValueException
SecurityConfigurationMBean.getWebAppFilesCaseInsensitive()
String getConnectionFilter()
The name of the Java class that implements a connection filter (that is, the weblogic.security.net.ConnectionFilter interface). If no class name is specified, no connection filter will be used.
This attribute replaces the deprecated ConnectionFilter attribute on the SecurityMBean.
void setConnectionFilter(String filter) throws InvalidAttributeValueException
InvalidAttributeValueException
String[] getConnectionFilterRules()
The rules used by any connection filter that implements the ConnectionFilterRulesListener interface. When using the default implementation and when no rules are specified, all connections are accepted. The default implementation rules are in the format: target localAddress localPort action protocols.
This attribute replaces the deprecated ConnectionFilterRules attribute on the SecurityMBean.
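One way to lint a rule set before passing it to setConnectionFilterRules, as an added example that is not part of the Oracle reference or of WebLogic itself. The page gives only the field order; the allow/deny actions, the protocol names, `#` comments, first-match evaluation and accept-on-no-match are assumptions about the default implementation, and the sample rules are constructed.

```java
import java.util.*;

public class ConnectionFilterRuleLint {
    // Assumed vocabulary of the default filter; the page states only the field order.
    static final List<String> ACTIONS = Arrays.asList("allow", "deny");
    static final List<String> PROTOCOLS = Arrays.asList(
            "http", "https", "t3", "t3s", "ldap", "ldaps", "iiop", "iiops", "com");

    /** Lints rules in the shape returned by getConnectionFilterRules(). */
    static List<String> lint(String[] rules) {
        List<String> findings = new ArrayList<>();
        if (rules == null || rules.length == 0) {
            findings.add("no rules: the default implementation accepts all connections");
            return findings;
        }
        String catchAllAction = null; // action of the first rule that matches everything
        for (int i = 0; i < rules.length; i++) {
            String rule = rules[i] == null ? "" : rules[i].trim();
            if (rule.isEmpty() || rule.startsWith("#")) continue; // assumed comment syntax
            String where = "rule " + (i + 1) + " [" + rule + "]: ";
            String[] f = rule.toLowerCase(Locale.ROOT).split("\\s+");
            if (f.length < 4) {
                findings.add(where + "needs target localAddress localPort action");
                continue;
            }
            boolean valid = true;
            if (!f[2].equals("*") && !f[2].matches("\\d{1,5}")) {
                findings.add(where + "localPort is neither * nor a port number");
                valid = false;
            }
            if (!ACTIONS.contains(f[3])) {
                findings.add(where + "action is not allow or deny");
                valid = false;
            }
            for (int p = 4; p < f.length; p++) {
                if (!PROTOCOLS.contains(f[p])) {
                    findings.add(where + "unknown protocol " + f[p]);
                    valid = false;
                }
            }
            if (catchAllAction != null) {
                // Assumption: rules are evaluated in order and the first match decides.
                findings.add(where + "unreachable, an earlier rule already matches everything");
            } else if (valid && f.length == 4 && f[1].equals("*") && f[2].equals("*")
                    && (f[0].equals("*") || f[0].equals("0.0.0.0/0"))) {
                catchAllAction = f[3];
            }
        }
        if (catchAllAction == null) {
            // Assumption: a connection that matches no rule is accepted.
            findings.add("no catch-all rule: connections matching no rule are accepted");
        } else if (catchAllAction.equals("allow")) {
            findings.add("catch-all rule allows every connection not denied before it");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample rules, not taken from a real domain.
        String[] rules = {
            "# admin subnet may use t3/t3s on the admin port",
            "10.0.5.0/24 * 7001 allow t3 t3s",
            "0.0.0.0/0 * 8443 permit https",
            "0.0.0.0/0 * * deny",
            "192.0.2.10 * * allow http",
        };
        lint(rules).forEach(System.out::println);
    }
}
```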
void setConnectionFilterRules(String[] filterList)
boolean getConnectionLoggerEnabled()
Specifies whether this WebLogic Server domain should log accepted connections.
This attribute can be used by a system administrator to dynamically check the incoming connections in the log file to determine if filtering needs to be performed.
This attribute replaces the deprecated ConnectionLoggerEnabled attribute on the SecurityMBean.
void setConnectionLoggerEnabled(boolean logging) throws InvalidAttributeValueException
InvalidAttributeValueException
boolean getCompatibilityConnectionFiltersEnabled()
Specifies whether this WebLogic Server domain enables compatibility with previous connection filters.
This attribute changes the protocol names used when filtering needs to be performed.
void setCompatibilityConnectionFiltersEnabled(boolean compatibility) throws InvalidAttributeValueException
InvalidAttributeValueException
String getNodeManagerUsername()
The user name that the Administration Server uses to communicate with Node Manager when starting, stopping, or restarting Managed Servers.
void setNodeManagerUsername(String username)
username - the new username value
SecurityConfigurationMBean.getNodeManagerUsername()
String getNodeManagerPassword()
The password that the Administration Server uses to communicate with Node Manager when starting, stopping, or restarting Managed Servers.
When you get the value of this attribute, WebLogic Server does the following:
NodeManagerPasswordEncrypted attribute.
When you set the value of this attribute, WebLogic Server does the following:
NodeManagerPasswordEncrypted attribute to the encrypted value.
Using this attribute (NodeManagerPassword) is a potential security risk because the String object (which contains the unencrypted password) remains in the JVM's memory until garbage collection removes it and the memory is reallocated. Depending on how memory is allocated in the JVM, a significant amount of time could pass before this unencrypted data is removed from memory.
Instead of using this attribute, you should use NodeManagerPasswordEncrypted.
SecurityConfigurationMBean.getNodeManagerPasswordEncrypted()
void setNodeManagerPassword(String password)
password - the new password value
SecurityConfigurationMBean.getNodeManagerPassword(), SecurityConfigurationMBean.setNodeManagerPasswordEncrypted(byte[])
byte[] getNodeManagerPasswordEncrypted()
The password that the Administration Server passes to a Node Manager when it instructs the Node Manager to start, stop, or restart Managed Servers.
To set this attribute, use weblogic.management.EncryptionHelper.encrypt() to encrypt the value. Then set this attribute to the output of the encrypt() method.
To compare a password that a user enters with the encrypted value of this attribute, go to the same WebLogic Server instance that you used to set and encrypt this attribute and use weblogic.management.EncryptionHelper.encrypt() to encrypt the user-supplied password. Then compare the encrypted values.
void setNodeManagerPasswordEncrypted(byte[] bytes)
bytes - the new password value
SecurityConfigurationMBean.getNodeManagerPasswordEncrypted()
boolean isPrincipalEqualsCaseInsensitive()
Specifies whether the WebLogic Server principal name is compared using a case insensitive match when the equals method for the principal object is performed.
If this attribute is enabled, matches are case insensitive.
Note: Principal comparison is not used by the WebLogic Security Service to determine access to protected resources. This attribute is intended for use with JAAS authorization, which may require case insensitive principal matching behavior.
void setPrincipalEqualsCaseInsensitive(boolean principalEqualsCaseInsensitive)
principalEqualsCaseInsensitive -
SecurityConfigurationMBean.isPrincipalEqualsCaseInsensitive()
boolean isPrincipalEqualsCompareDnAndGuid()
Specifies whether the GUID and DN data in a WebLogic Server principal object are used when the equals method of that object is invoked.
If enabled, the GUID and DN data (if included among the attributes in a WebLogic Server principal object) and the principal name are compared when this method is invoked.
void setPrincipalEqualsCompareDnAndGuid(boolean principalEqualsCompareDnAndGuid)
principalEqualsCompareDnAndGuid -
SecurityConfigurationMBean.isPrincipalEqualsCompareDnAndGuid()
boolean getDowngradeUntrustedPrincipals()
void setDowngradeUntrustedPrincipals(boolean downgrade)
downgrade - the new DowngradeUntrustedPrincipals value
SecurityConfigurationMBean.getDowngradeUntrustedPrincipals()
boolean getEnforceStrictURLPattern()
void setEnforceStrictURLPattern(boolean enforceStrictURLPattern)
enforceStrictURLPattern - the new EnforceStrictURLPattern value
SecurityConfigurationMBean.getEnforceStrictURLPattern()
boolean getEnforceValidBasicAuthCredentials()
void setEnforceValidBasicAuthCredentials(boolean allow)
allow - the new EnforceValidBasicAuthCredentials value
SecurityConfigurationMBean.getEnforceValidBasicAuthCredentials()
boolean isConsoleFullDelegationEnabled()
Indicates whether the console is enabled for fully delegated authorization.
void setConsoleFullDelegationEnabled(boolean enabled)
Enables the console to operate with fully delegated authorization.
enabled - the new console full delegation value
SecurityConfigurationMBean.isConsoleFullDelegationEnabled()
RealmMBean getDefaultRealmInternal()
RealmContainer
void setDefaultRealmInternal(RealmMBean def)
RealmContainer
String[] getExcludedDomainNames()
Specifies a list of remote domains for which cross-domain check should not be applied.
void setExcludedDomainNames(String[] remoteDomains)
Specifies a list of remote domains for which cross-domain check should not be applied. Sets the list of remote domain names that are to be excluded from the cross-domain checks.
remoteDomains - Array of Strings of all the domain names to be excluded.
boolean isCrossDomainSecurityEnabled()
Indicates whether or not cross-domain security is enabled.
void setCrossDomainSecurityEnabled(boolean enabled)
Turns on/off the cross-domain security.
enabled - indicate whether or not cross domain security is enabled via the use of credential mapper.
CertRevocMBean getCertRevoc()
Determines the domain's X509 certificate revocation checking configuration.
A CertRevocMBean is always associated with a domain's security configuration and cannot be changed, although CertRevocMBean attributes may be changed as documented.
boolean isUseKSSForDemo()
Determines whether the Demo Identity and Demo Trust key stores should be obtained from the Oracle Key Store Service (KSS).
If enabled, WebLogic Server will request the Demo Identity and Domain Trust key stores from KSS. Subsequent to installation, however, the KSS Demo key stores may have been manipulated such that appropriate Demo certificates or keys are not available.
Please verify the following KSS Demo Identity keystore has an X.509 private key and corresponding public identity certificate signed by the Demo Certificate Authority (CA):
Please verify the following KSS Domain Trust keystore has a trusted Demo Certificate Authority X.509 certificate:
SecurityConfigurationMBean.setUseKSSForDemo(boolean)
void setUseKSSForDemo(boolean useKss)
If enabled, WebLogic Server will request the Demo Identity and Domain Trust key stores from KSS. Subsequent to installation, however, the KSS Demo key stores may have been manipulated such that appropriate Demo certificates or keys are not available.
Please verify the following KSS Demo Identity keystore has an X.509 private key and corresponding public identity certificate signed by the Demo Certificate Authority (CA):
Please verify the following KSS Domain Trust keystore has a trusted Demo Certificate Authority X.509 certificate:
useKss - true to use KSS for Demo key stores, otherwise false.
SecurityConfigurationMBean.isUseKSSForDemo()
String getAdministrativeIdentityDomain()
void setAdministrativeIdentityDomain(String identityDomain)
identityDomain - the administrative identity domain
boolean isIdentityDomainAwareProvidersRequired()
void setIdentityDomainAwareProvidersRequired(boolean requireIdentityDomain)
requireIdentityDomain - true if providers must support identity domains, false otherwise
boolean isIdentityDomainDefaultEnabled()
void setIdentityDomainDefaultEnabled(boolean enabled)
enabled - true if defaulting of identity domain values is enabled, false otherwise.
int getNonceTimeoutSeconds()
void setNonceTimeoutSeconds(int timeout)
timeout - number of seconds that the nonce is valid.
Copyright 1996, 2015, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.