|
Oracle Fusion Middleware Java API Reference for Oracle WebLogic Server 12c (12.2.1) Part Number E55141-01 P4 Change 1723563 on 2015/10/09 |
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
public interface RealmMBean
The MBean that represents configuration attributes for the security realm.
A security realm contains a set of security configuration settings, including the list of security providers to use (for example, for authentication and authorization).
Code using security can either use the default security realm for the domain or refer to a particular security realm by name (by using the JMX display name of the security realm).
One security realm in the WebLogic domain must have the DefaultRealm
attribute set to true. The security realm with the DefaultRealm
attribute set to true is used as the default security realm for the WebLogic domain. Note that other available security realms must have the DefaultRealm
attribute set to false.
When WebLogic Server boots, it locates and uses the default security realm. The security realm is considered active since it is used when WebLogic Server runs. Any security realm that is not used when WebLogic Server runs is considered inactive. All active security realms must be configured before WebLogic Server is boots.
Since security providers are scoped by realm, the Realm
attribute on a security provider must be set to the realm that uses the provider.
Method Summary | |
---|---|
abstract AdjudicatorMBean |
createAdjudicator(String type) Creates an Adjudication provider in this security realm and removes this security realm's previous Adjudication provider. |
abstract AdjudicatorMBean |
createAdjudicator(String name, String type) Creates an Adjudication provider in this security realm and removes this security realm's previous Adjudication provider. |
abstract AuditorMBean |
createAuditor(String type) Creates an Auditing provider in this security realm. |
abstract AuditorMBean |
createAuditor(String name, String type) Creates an Auditing provider in this security realm. |
abstract AuthenticationProviderMBean |
createAuthenticationProvider(String type) Creates an Authentication provider in this security realm. |
abstract AuthenticationProviderMBean |
createAuthenticationProvider(String name, String type) Creates an Authentication provider in this security realm. |
abstract AuthorizerMBean |
createAuthorizer(String type) Creates an Authorization provider in this security realm. |
abstract AuthorizerMBean |
createAuthorizer(String name, String type) Creates an Authorization provider in this security realm. |
abstract CertPathProviderMBean |
createCertPathProvider(String type) Creates a Certification Path provider in this security realm. |
abstract CertPathProviderMBean |
createCertPathProvider(String name, String type) Creates a Certification Path provider in this security realm. |
abstract CredentialMapperMBean |
createCredentialMapper(String type) Creates a Credential Mapping provider in this security realm. |
abstract CredentialMapperMBean |
createCredentialMapper(String name, String type) Creates a Credential Mapping provider in this security realm. |
abstract PasswordValidatorMBean |
createPasswordValidator(String type) Creates a Password Validator provider in this security realm. |
abstract PasswordValidatorMBean |
createPasswordValidator(String name, String type) Creates a Password Validator provider in this security realm. |
abstract RDBMSSecurityStoreMBean |
createRDBMSSecurityStore() Creates configuration for the RDBMS security store. |
abstract RDBMSSecurityStoreMBean |
createRDBMSSecurityStore(String name) Creates configuration for the RDBMS security store with the specified name. |
abstract RoleMapperMBean |
createRoleMapper(String type) Creates a Role Mapping provider in this security realm. |
abstract RoleMapperMBean |
createRoleMapper(String name, String type) Creates a Role Mapping provider in this security realm. |
abstract void |
destroyAdjudicator() Removes the configuration this security realm's Adjudication provider (if there is one). |
abstract void |
destroyAuditor(AuditorMBean auditor) Removes the configuration for an Auditing provider in this security realm. |
abstract void |
destroyAuthenticationProvider(AuthenticationProviderMBean authenticationProvider) Removes the configuration for an Authentication provider in this security realm. |
abstract void |
destroyAuthorizer(AuthorizerMBean authorizer) Removes the configuration for an Authorization provider in this security realm. |
abstract void |
destroyCertPathProvider(CertPathProviderMBean certPathProvider) Removes the configuration for a Certification Path provider in this security realm. |
abstract void |
destroyCredentialMapper(CredentialMapperMBean credentialMapper) Removes the configuration for a Credential Mapping provider in this security realm. |
abstract void |
destroyPasswordValidator(PasswordValidatorMBean provider) Removes the configuration for a Password Validator provider in this security realm. |
abstract void |
destroyRDBMSSecurityStore() Destroys and removes the existing RDBMS security store which is a child of this realm. |
abstract void |
destroyRoleMapper(RoleMapperMBean roleMapper) Removes the configuration for a Role Mapping provider in this security realm. |
abstract AdjudicatorMBean |
getAdjudicator() Returns the Adjudication provider for this security realm. |
abstract String[] |
getAdjudicatorTypes() Returns the types of Adjudication providers that may be created in this security realm, for example, weblogic.security.providers.authorization.DefaultAdjudicator . |
abstract AuditorMBean[] |
getAuditors() Returns the Auditing providers for this security realm (in invocation order). |
abstract String[] |
getAuditorTypes() Returns the types of Auditing providers that may be created in this security realm, for example, weblogic.security.providers.audit.DefaultAuditor . |
abstract AuthenticationProviderMBean[] |
getAuthenticationProviders() Returns the Authentication providers for this security realm (in invocation order). |
abstract String[] |
getAuthenticationProviderTypes() Returns the types of Authentication providers that may be created in this security realm, for example, weblogic.security.providers.authentication.DefaultAuthenticator . |
abstract String |
getAuthMethods() Returns a comma separated string of authentication methods that should be used when the Web application specifies "REALM" as its auth-method. |
abstract AuthorizerMBean[] |
getAuthorizers() Returns the Authorization providers for this security realm (in invocation order). |
abstract String[] |
getAuthorizerTypes() Returns the types of Authorization providers that may be created in this security realm, for example, weblogic.security.providers.authorization.DefaultAuthorizer . |
abstract CertPathBuilderMBean |
getCertPathBuilder() Returns the CertPath Builder provider in this security realm that will be used by the security system to build certification paths. |
abstract CertPathProviderMBean[] |
getCertPathProviders() Returns the Certification Path providers for this security realm (in invocation order). |
abstract String[] |
getCertPathProviderTypes() Returns the types of Certification Path providers that may be created in this security realm, for example, weblogic.security.providers.pk.WebLogicCertPathProvider . |
abstract CredentialMapperMBean[] |
getCredentialMappers() Returns the Credential Mapping providers for this security realm (in invocation order). |
abstract String[] |
getCredentialMapperTypes() Returns the types of Credential Mapping providers that may be created in this security realm, for example, weblogic.security.providers.credentials.DefaultCredentialMapper . |
abstract Integer |
getDeployableProviderSynchronizationTimeout() Returns the timeout value, in milliseconds, for the deployable security provider synchronization operation. |
abstract Integer |
getMaxWebLogicPrincipalsInCache() Returns the maximum size of the LRU cache for holding WebLogic Principal signatures. |
abstract String |
getName() The name of this configuration. |
abstract PasswordValidatorMBean[] |
getPasswordValidators() Returns the Password Validator providers for this security realm (in invocation order). |
abstract String[] |
getPasswordValidatorTypes() Returns the types of Password Validator providers that may be created in this security realm, for example, com.bea.security.providers.authentication.passwordvalidator.SystemPasswordValidator . |
abstract RDBMSSecurityStoreMBean |
getRDBMSSecurityStore() Returns RDBMSSecurityStoreMBean for this realm, which is a singleton MBean describing RDBMS security store configuration. |
abstract int |
getRetireTimeoutSeconds() Specifies the retire timeout for a realm that is restarted. |
abstract RoleMapperMBean[] |
getRoleMappers() Returns the Role Mapping providers for this security realm (in invocation order). |
abstract String[] |
getRoleMapperTypes() Returns the types of Role Mapping providers that may be created in this security realm, for example, weblogic.security.providers.authorization.DefaultRoleMapper . |
abstract String |
getSecurityDDModel() Specifies the default security model for Web applications or EJBs that are secured by this security realm. |
abstract UserLockoutManagerMBean |
getUserLockoutManager() Returns the User Lockout Manager for this security realm. |
abstract boolean |
isAutoRestartOnNonDynamicChanges() Specifies whether the Realm will be auto-restarted if non-dynamic changes are made to the realm or providers within the realm. |
abstract boolean |
isCombinedRoleMappingEnabled() Determines how the role mappings in the Enterprise Application, Web application, and EJB containers interact. |
abstract boolean |
isDefaultRealm() Deprecated. 9.0.0.0 Replaced by SecurityConfigurationMBean.getDefaultRealm() |
abstract boolean |
isDelegateMBeanAuthorization() Configures the WebLogic Server MBean servers to use the security realm's Authorization providers to determine whether a JMX client has permission to access an MBean attribute or invoke an MBean operation. |
abstract boolean |
isDeployableProviderSynchronizationEnabled() Specifies whether synchronization for deployable Authorization and Role Mapping providers is enabled. |
abstract boolean |
isDeployCredentialMappingIgnored() Deprecated. 9.0.0.0 |
abstract boolean |
isDeployPolicyIgnored() Deprecated. 9.0.0.0 |
abstract boolean |
isDeployRoleIgnored() Deprecated. 9.0.0.0 |
abstract boolean |
isEnableWebLogicPrincipalValidatorCache() Returns whether the WebLogic Principal Validator caching is enabled. |
abstract boolean |
isFullyDelegateAuthorization() Deprecated. 9.0.0.0 |
abstract boolean |
isValidateDDSecurityData() Not used in this release. |
abstract AuditorMBean |
lookupAuditor(String name) Finds an Auditing provider in this security realm. |
abstract AuthenticationProviderMBean |
lookupAuthenticationProvider(String name) Finds an Authentication provider in this security realm. |
abstract AuthorizerMBean |
lookupAuthorizer(String name) Finds an Authorization provider in this security realm. |
abstract CertPathProviderMBean |
lookupCertPathProvider(String name) Finds a Certification Path provider in this security realm. |
abstract CredentialMapperMBean |
lookupCredentialMapper(String name) Finds a Credential Mapping provider in this security realm. |
abstract PasswordValidatorMBean |
lookupPasswordValidator(String name) Finds an Password Validator provider in this security realm. |
abstract RoleMapperMBean |
lookupRoleMapper(String name) Finds a Role Mapping provider in this security realm. |
abstract void |
setAuditors(AuditorMBean[] auditors) Changes the invocation order of this security realm's Auditing providers. |
abstract void |
setAuthenticationProviders(AuthenticationProviderMBean[] authenticationProviders) Changes the invocation order of this security realm's Authentication providers. |
abstract void |
setAuthMethods(String methods) Set the authentication methods that should be used when the Web application specifies "REALM" as its auth-method. |
abstract void |
setAuthorizers(AuthorizerMBean[] authorizers) Changes the invocation order of this security realm's Authorization providers. |
abstract void |
setAutoRestartOnNonDynamicChanges(boolean autorestart) Sets the value of the AutoRestartOnNonDynamicChanges attribute. |
abstract void |
setCertPathBuilder(CertPathBuilderMBean certPathBuilder) Determines which of this security realm's CertPathProviders will be used by the security system to build certification paths. |
abstract void |
setCertPathProviders(CertPathProviderMBean[] certPathProviders) Changes the invocation order of this security realm's Certification Path providers. |
abstract void |
setCombinedRoleMappingEnabled(boolean combined) Sets whether application role mappings are combined by the J2EE containers. |
abstract void |
setCredentialMappers(CredentialMapperMBean[] credentialMappers) Changes the invocation order of this security realm's Credential Mapping providers. |
abstract void |
setDefaultRealm(boolean isDefault) Deprecated. 9.0.0.0 Replaced by SecurityConfigurationMBean.setDefaultRealm(weblogic.management.security.RealmMBean) |
abstract void |
setDelegateMBeanAuthorization(boolean deleteMBeanAuthorization) Sets the value of the DelegateMBeanAuthorization attribute. |
abstract void |
setDeployableProviderSynchronizationEnabled(boolean enabled) Specifies whether synchronization for deployable Authorization and Role Mapping providers is enabled. |
abstract void |
setDeployableProviderSynchronizationTimeout(Integer timeout) Specifies the timeout value, in milliseconds, for the deployable security provider synchronization operation. |
abstract void |
setDeployCredentialMappingIgnored(boolean ignored) Deprecated. 9.0.0.0 |
abstract void |
setDeployPolicyIgnored(boolean ignored) Deprecated. 9.0.0.0 |
abstract void |
setDeployRoleIgnored(boolean ignored) Deprecated. 9.0.0.0 |
abstract void |
setEnableWebLogicPrincipalValidatorCache(boolean enabled) Sets whether the WebLogic Principal Validator caching is enabled. |
abstract void |
setFullyDelegateAuthorization(boolean fullyDelegate) Deprecated. 9.0.0.0 |
abstract void |
setMaxWebLogicPrincipalsInCache(Integer size) Sets the maximum size of the LRU cache for holding WebLogic Principal signatures. |
abstract void |
setPasswordValidators(PasswordValidatorMBean[] passwordvalidators) Sets the Password Validator providers for this security realm (in invocation order). |
abstract void |
setRetireTimeoutSeconds(int timeout) Sets the value of the RetireTimeoutSeconds attribute. |
abstract void |
setRoleMappers(RoleMapperMBean[] roleMappers) Changes the invocation order of this security realm's Role Mapping providers. |
abstract void |
setSecurityDDModel(String model) Sets the default security deployment model for applications deployed in this security realm. |
abstract void |
setValidateDDSecurityData(boolean validate) Sets whether security data in the deployment descriptor is validated. |
abstract void |
validate() Deprecated. 9.0.0.0 This method is no longer required since activating a configuration transaction does this check automatically on the default realm, and will not allow the configuration to be saved if the domain does not have a valid default realm configured. |
Methods inherited from interface weblogic.descriptor.DescriptorBean |
---|
addPropertyChangeListener, createChildCopyIncludingObsolete, getParentBean, isEditable, removePropertyChangeListener |
Method Detail |
---|
AuditorMBean[] getAuditors()
void setAuditors(AuditorMBean[] auditors) throws InvalidAttributeValueException
auditors
- - The new invocation order for this security realm's Auditing providers. It should contain exactly the same Auditing providers that getAuditors()
returns, except in a different order. Note: For the purpose of backward compatibility with previous releases of WebLogic Server, auditors
may also contain Auditing providers that do not already belong to this security realm and are not contained by another security realm. In this circumstance, these Auditing providers will be moved to this security realm. Similarly, auditors
can be missing some of this security realm's current Auditing providers. All missing Auditing providers will be removed from this security realm. These behaviors are deprecated in this release of WebLogic Server and will be removed in a future release.InvalidAttributeValueException
String[] getAuditorTypes()
weblogic.security.providers.audit.DefaultAuditor
. Use this method to find the available types to pass to createAuditor
AuditorMBean createAuditor(String name, String type) throws ClassNotFoundException, JMException
name
- - The name of this Auditing provider, for example, DefaultAuditor
type
- - The type of this Auditing provider, for example, weblogic.security.providers.audit.DefaultAuditor
Use getAuditorTypes
to find the list of types that may be specified.ClassNotFoundException
- is thrown if an invalid type is specified.JMException
AuditorMBean createAuditor(String type) throws ClassNotFoundException, JMException
type
- - The type of this Auditing provider, for example, weblogic.security.providers.audit.DefaultAuditor
Use getAuditorTypes
to find the list of types that may be specified.ClassNotFoundException
- is thrown if an invalid type is specified.JMException
void destroyAuditor(AuditorMBean auditor)
weblogic.management.configuration.SecurityConfigurationMBean.destroyRealm
automatically removes the security realm's Auditing providers.auditor
- - The Auditing provider to remove.AuditorMBean lookupAuditor(String name)
name
-AuthenticationProviderMBean[] getAuthenticationProviders()
void setAuthenticationProviders(AuthenticationProviderMBean[] authenticationProviders) throws InvalidAttributeValueException
authenticationProviders
- - The new invocation order for this security realm's Authentication providers. It should contain exactly the same Authentication providers that getAuthenticationProviders()
returns, except in a different order. Note: For the purpose of backward compatibility with previous releases of WebLogic Server, authenticationProviders
may also contain Authentication providers that do not already belong to this security realm and are not contained by another security realm. In this circumstance, these Authentication providers will be moved to this security realm. Similarly, authenticationProviders
can be missing some of this security realm's current Authentication providers. All missing Authentication providers will be removed from this security realm. These behaviors are deprecated in this release of WebLogic Server and will be removed in a future release.InvalidAttributeValueException
String[] getAuthenticationProviderTypes()
weblogic.security.providers.authentication.DefaultAuthenticator
. Use this method to find the available types to pass to createAuthenticationProvider
AuthenticationProviderMBean createAuthenticationProvider(String name, String type) throws ClassNotFoundException, JMException
name
- - The name of this Authentication provider, for example, DefaultAuthenticator
type
- - The type of this Authentication provider, for example, weblogic.security.providers.authentication.DefaultAuthenticator
Use getAuthenticationProviderTypes
to find the list of types that may be specified.ClassNotFoundException
- is thrown if an invalid type is specified.JMException
AuthenticationProviderMBean createAuthenticationProvider(String type) throws ClassNotFoundException, JMException
type
- - The type of this Authentication provider, for example, weblogic.security.providers.authentication.DefaultAuthenticator
Use getAuthenticationProviderTypes
to find the list of types that may be specified.ClassNotFoundException
- is thrown if an invalid type is specified.JMException
void destroyAuthenticationProvider(AuthenticationProviderMBean authenticationProvider)
weblogic.management.configuration.SecurityConfigurationMBean.destroyRealm
automatically removes the security realm's Authentication providers.authenticationProvider
- - The Authentication provider to remove.AuthenticationProviderMBean lookupAuthenticationProvider(String name)
name
-RoleMapperMBean[] getRoleMappers()
void setRoleMappers(RoleMapperMBean[] roleMappers) throws InvalidAttributeValueException
roleMappers
- - The new invocation order for this security realm's Role Mapping providers. It should contain exactly the same Role Mapping providers that getRoleMappers()
returns, except in a different order. Note: For the purpose of backward compatibility with previous releases of WebLogic Server, roleMappers
may also contain Role Mapping providers that do not already belong to this security realm and are not contained by another security realm. In this circumstance, these Role Mapping providers will be moved to this security realm. Similarly, roleMappers
can be missing some of this security realm's current Role Mapping providers. All missing Role Mapping providers will be removed from this security realm. These behaviors are deprecated in this release of WebLogic Server and will be removed in a future release.InvalidAttributeValueException
String[] getRoleMapperTypes()
weblogic.security.providers.authorization.DefaultRoleMapper
. Use this method to find the available types to pass to createRoleMapper
RoleMapperMBean createRoleMapper(String name, String type) throws ClassNotFoundException, JMException
name
- - The name of this Role Mapping provider, for example, DefaultRoleMapper
type
- - The type of this Role Mapping provider, for example, weblogic.security.providers.authorization.DefaultRoleMapper
Use getRoleMapperTypes
to find the list of types that may be specified.ClassNotFoundException
- is thrown if an invalid type is specified.JMException
RoleMapperMBean createRoleMapper(String type) throws ClassNotFoundException, JMException
type
- - The type of this Role Mapping provider, for example, weblogic.security.providers.authorization.DefaultRoleMapper
Use getRoleMapperTypes
to find the list of types that may be specified.ClassNotFoundException
- is thrown if an invalid type is specified.JMException
void destroyRoleMapper(RoleMapperMBean roleMapper)
weblogic.management.configuration.SecurityConfigurationMBean.destroyRealm
automatically removes the security realm's Role Mapping providers.roleMapper
- - The Role Mapping provider to remove.RoleMapperMBean lookupRoleMapper(String name)
name
-AuthorizerMBean[] getAuthorizers()
void setAuthorizers(AuthorizerMBean[] authorizers) throws InvalidAttributeValueException
authorizers
- - The new invocation order for this security realm's Authorization providers. It should contain exactly the same Authorization providers that getAuthorizers()
returns, except in a different order. Note: For the purpose of backward compatibility with previous releases of WebLogic Server, authorizers
may also contain Authorization providers that do not already belong to this security realm and are not contained by another security realm. In this circumstance, these Authorization providers will be moved to this security realm. Similarly, authorizers
can be missing some of this security realm's current Authorization providers. All missing Authorization providers will be removed from this security realm. These behaviors are deprecated in this release of WebLogic Server and will be removed in a future release.InvalidAttributeValueException
String[] getAuthorizerTypes()
weblogic.security.providers.authorization.DefaultAuthorizer
. Use this method to find the available types to pass to createAuthorizer
AuthorizerMBean createAuthorizer(String name, String type) throws ClassNotFoundException, JMException
name
- - The name of this Authorization provider, for example, DefaultAuthorizer
type
- - The type of this Authorization provider, for example, weblogic.security.providers.authorization.DefaultAuthorizer
Use getAuthorizerTypes
to find the list of types that may be specified.ClassNotFoundException
- is thrown if an invalid type is specified.JMException
AuthorizerMBean createAuthorizer(String type) throws ClassNotFoundException, JMException
type
- - The type of this Authorization provider, for example, weblogic.security.providers.authorization.DefaultAuthorizer
Use getAuthorizerTypes
to find the list of types that may be specified.ClassNotFoundException
- is thrown if an invalid type is specified.JMException
void destroyAuthorizer(AuthorizerMBean authorizer)
weblogic.management.configuration.SecurityConfigurationMBean.destroyRealm
automatically removes the security realm's Authorization providers.authorizer
- - The Authorization provider to remove.AuthorizerMBean lookupAuthorizer(String name)
name
-AdjudicatorMBean getAdjudicator()
String[] getAdjudicatorTypes()
weblogic.security.providers.authorization.DefaultAdjudicator
. Use this method to find the available types to pass to createAdjudicator
AdjudicatorMBean createAdjudicator(String name, String type) throws ClassNotFoundException, JMException
name
- - The name of this Adjudication provider, for example, DefaultAdjudicator
type
- - The type of this Adjudication provider, for example, weblogic.security.providers.authorization.DefaultAdjudicator
Use getAdjudicatorTypes
to find the list of types that may be specified.ClassNotFoundException
- is thrown if an invalid type is specified.JMException
AdjudicatorMBean createAdjudicator(String type) throws ClassNotFoundException, JMException
type
- - The type of this Adjudication provider, for example, weblogic.security.providers.authorization.DefaultAdjudicator
Use getAdjudicatorTypes
to find the list of types that may be specified.ClassNotFoundException
- is thrown if an invalid type is specified.JMException
void destroyAdjudicator()
weblogic.management.configuration.SecurityConfigurationMBean.destroyRealm
automatically removes the security realm's Adjudication provider.CredentialMapperMBean[] getCredentialMappers()
void setCredentialMappers(CredentialMapperMBean[] credentialMappers) throws InvalidAttributeValueException
credentialMappers
- - The new invocation order for this security realm's Credential Mapping providers. It should contain exactly the same Credential Mapping providers that getCredentialMappers()
returns, except in a different order. Note: For the purpose of backward compatibility with previous releases of WebLogic Server, credentialMappers
may also contain Credential Mapping providers that do not already belong to this security realm and are not contained by another security realm. In this circumstance, these Credential Mapping providers will be moved to this security realm. Similarly, credentialMappers
can be missing some of this security realm's current Credential Mapping providers. All missing Credential Mapping providers will be removed from this security realm. These behaviors are deprecated in this release of WebLogic Server and will be removed in a future release.InvalidAttributeValueException
String[] getCredentialMapperTypes()
weblogic.security.providers.credentials.DefaultCredentialMapper
. Use this method to find the available types to pass to createCredentialMapper
CredentialMapperMBean createCredentialMapper(String name, String type) throws ClassNotFoundException, JMException
name
- - The name of this Credential Mapping provider, for example, DefaultCredentialMapper
type
- - The type of this Credential Mapping provider, for example, weblogic.security.providers.credentials.DefaultCredentialMapper
Use getCredentialMapperTypes
to find the list of types that may be specified.ClassNotFoundException
- is thrown if an invalid type is specified.JMException
CredentialMapperMBean createCredentialMapper(String type) throws ClassNotFoundException, JMException
type
- - The type of this Credential Mapping provider, for example, weblogic.security.providers.credentials.DefaultCredentialMapper
Use getCredentialMapperTypes
to find the list of types that may be specified.ClassNotFoundException
- is thrown if an invalid type is specified.JMException
void destroyCredentialMapper(CredentialMapperMBean credentialMapper)
weblogic.management.configuration.SecurityConfigurationMBean.destroyRealm
automatically removes the security realm's Credential Mapping providers.credentialMapper
- - The Credential Mapping provider to remove.CredentialMapperMBean lookupCredentialMapper(String name)
name
-CertPathProviderMBean[] getCertPathProviders()
void setCertPathProviders(CertPathProviderMBean[] certPathProviders) throws InvalidAttributeValueException
certPathProviders
- - The new invocation order for this security realm's Certification Path providers. It should contain exactly the same Certification Path providers that getCertPathProviders()
returns, except in a different order.InvalidAttributeValueException
String[] getCertPathProviderTypes()
weblogic.security.providers.pk.WebLogicCertPathProvider
. Use this method to find the available types to pass to createCertPathProvider
CertPathProviderMBean createCertPathProvider(String name, String type) throws ClassNotFoundException, JMException
name
- - The name of this Certification Path provider, for example, WebLogicCertPathProvider
type
- - The type of this Certification Path provider, for example, weblogic.security.providers.pk.WebLogicCertPathProvider
Use getCertPathProviderTypes
to find the list of types that may be specified.ClassNotFoundException
- is thrown if an invalid type is specified.JMException
CertPathProviderMBean createCertPathProvider(String type) throws ClassNotFoundException, JMException
The active security realm must contain at least one Certification Path provider that is a CertPath Builder provider and at least one Certificate Path provider that is a CertPath Validator provider.
type
- - The type of this Certification Path provider, for example, weblogic.security.providers.pk.WebLogicCertPathProvider
Use getCertPathProviderTypes
to find the list of types that may be specified.ClassNotFoundException
- is thrown if an invalid type is specified.JMException
void destroyCertPathProvider(CertPathProviderMBean certPathProvider)
weblogic.management.configuration.SecurityConfigurationMBean.destroyRealm
automatically removes the security realm's Certification Path providers.
If certPathProvider
has been selected as this security realm's CertPathBuilder
, then this security realm's will have no CertPathBuilder
.
certPathProvider
- - The Certification Path provider to remove.CertPathProviderMBean lookupCertPathProvider(String name)
name
-CertPathBuilderMBean getCertPathBuilder()
CertPathProviders
.void setCertPathBuilder(CertPathBuilderMBean certPathBuilder) throws InvalidAttributeValueException
CertPathProviders
will be used by the security system to build certification paths. The provider must implement weblogic.management.security.pk.CertPathBuilder
.certPathBuilder
- - The new CertPath Builder for this security realm. If null, this security realm will have no configured CertPathBuilder
.InvalidAttributeValueException
RealmMBean.getCertPathBuilder()
UserLockoutManagerMBean getUserLockoutManager()
boolean isDeployRoleIgnored()
void setDeployRoleIgnored(boolean ignored) throws InvalidAttributeValueException
ignored
- - the new deploy role ignored valueInvalidAttributeValueException
RealmMBean.isDeployRoleIgnored()
boolean isDeployPolicyIgnored()
void setDeployPolicyIgnored(boolean ignored) throws InvalidAttributeValueException
ignored
- - the new deploy policy ignored valueInvalidAttributeValueException
RealmMBean.isDeployPolicyIgnored()
boolean isDeployCredentialMappingIgnored()
void setDeployCredentialMappingIgnored(boolean ignored) throws InvalidAttributeValueException
ignored
- - the new deploy credential mapping ignored value.InvalidAttributeValueException
RealmMBean.isDeployCredentialMappingIgnored()
boolean isFullyDelegateAuthorization()
If false the containers are free to only call the security framework when security is set in the deployment descriptors.
void setFullyDelegateAuthorization(boolean fullyDelegate) throws InvalidAttributeValueException
fullyDelegate
- - the new fully delegate authorization value.InvalidAttributeValueException
RealmMBean.isFullyDelegateAuthorization()
boolean isValidateDDSecurityData()
Not used in this release.
void setValidateDDSecurityData(boolean validate) throws InvalidAttributeValueException
validate
- - the new validate deployment descriptor security data value.InvalidAttributeValueException
RealmMBean.isValidateDDSecurityData()
String getSecurityDDModel()
Specifies the default security model for Web applications or EJBs that are secured by this security realm. You can override this default during deployment.
Note: If you deploy a module by modifying the domain's config.xml
file and restarting the server, and if you do not specify a security model value for the module in config.xml
, the module is secured with the default value of the AppDeploymentMBean SecurityDDModel
attribute (see getSecurityDDModel
).
Choose one of these security models:
Deployment Descriptors Only (DDOnly)
Customize Roles Only (CustomRoles)
Customize Roles and Policies (CustomRolesAndPolicies)
Advanced (Advanced)
You configure how this model behaves by setting values for the following options:
When Deploying Web Applications or EJBs
Note: When using the WebLogic Scripting Tool or JMX APIs, there is no single MBean attribute for this setting. Instead, you must set the values for the DeployPolicyIgnored
and DeployRoleIgnored
attributes of RealmMBean
.
Check Roles and Policies (FullyDelegateAuthorization)
Combined Role Mapping Enabled (CombinedRoleMappingEnabled)
You can change the configuration of this model. Any changes immediately apply to all modules that use the Advanced model. For example, you can specify that all modules using this model will copy roles and policies from their deployment descriptors into the appropriate provider databases upon deployment. After you deploy all of your modules, you can change this behavior to ignore roles and policies in deployment descriptors so that when you redeploy modules they will not re-copy roles and policies.
Note: Prior to WebLogic Server version 9.0 the Advanced model was the only security model available. Use this model if you want to continue to secure EJBs and Web Applications as in releases prior to 9.0.
RealmMBean.isDeployPolicyIgnored()
, RealmMBean.isDeployRoleIgnored()
, RealmMBean.isFullyDelegateAuthorization()
, RealmMBean.isCombinedRoleMappingEnabled()
void setSecurityDDModel(String model) throws InvalidAttributeValueException
model
- - the new default security deployment model.InvalidAttributeValueException
RealmMBean.getSecurityDDModel()
boolean isCombinedRoleMappingEnabled()
Determines how the role mappings in the Enterprise Application, Web application, and EJB containers interact. This setting is valid only for Web applications and EJBs that use the Advanced security model and that initialize roles from deployment descriptors.
When enabled:
OR
operator.web.xml
file specify a role for which no mapping exists in the weblogic.xml
file, the Web application container creates an empty map for the undefined role (that is, the role is explicitly defined as containing no principal). Therefore, no one can access URL patterns that are secured by such policies.ejb-jar.xml
file specify a role for which no mapping exists in the weblogic-ejb-jar.xml
file, the EJB container creates an empty map for the undefined role (that is, the role is explicitly defined as containing no principal). Therefore, no one can access methods that are secured by such policies.When disabled:
<externally-defined>
descriptor element.If one or more policies in the web.xml
file specify a role for which no role mapping exists in the weblogic.xml
file, the Web application container assumes that the undefined role is the name of a principal. It therefore maps the assumed principal to the role name. For example, if the web.xml
file contains the following stanza in one of its policies:
<auth-constraint>
<role-name>PrivilegedUser</role-name>
</auth-constraint>
but, if the weblogic.xml
file has no role mapping for PrivilegedUser
, then the Web application container creates an in-memory mapping that is equivalent to the following stanza:
<security-role-assignment>
<role-name>PrivilegedUser</role-name>
<principal-name>PrivilegedUser</principal-name>
</security-role-assignment>
weblogic-ejb-jar.xml
file. Role mappings defined in the other containers are not used unless defined by the <externally-defined>
descriptor element.void setCombinedRoleMappingEnabled(boolean combined) throws InvalidAttributeValueException
If false the containers need enternally defined mappings to use application role mappings.
combined
- - the new combined role mapping value.InvalidAttributeValueException
RealmMBean.isCombinedRoleMappingEnabled()
void validate() throws ErrorCollectionException
ErrorCollectionException
- if this security realm is not valid. The exception contains a list of <code?java.lang.Exception, one for each reason this security realm is not valid. The text of each exception describes the problem.boolean isDefaultRealm()
SecurityConfigurationMBean.getDefaultRealm()
weblogic.management.configuration.SecurityConfigurationMBean.getDefaultRealm
.void setDefaultRealm(boolean isDefault) throws InvalidAttributeValueException
SecurityConfigurationMBean.setDefaultRealm(weblogic.management.security.RealmMBean)
weblogic.management.configuration.SecurityConfigurationMBean.setDefautlRealm
.isDefault
- - whether or not this security realm is the Default realm for the WebLogic domain.InvalidAttributeValueException
boolean isEnableWebLogicPrincipalValidatorCache()
Returns whether the WebLogic Principal Validator caching is enabled.
The Principal Validator is used by Oracle supplied authentication providers and may be used by custom authentication providers. If enabled, the default principal validator will cache WebLogic Principal signatures.
void setEnableWebLogicPrincipalValidatorCache(boolean enabled) throws InvalidAttributeValueException
enabled
- - the new enable weblogic principal validator cache value.InvalidAttributeValueException
RealmMBean.isEnableWebLogicPrincipalValidatorCache()
Integer getMaxWebLogicPrincipalsInCache()
EnableWebLogicPrincipalValidatorCache
is set to true
void setMaxWebLogicPrincipalsInCache(Integer size) throws InvalidAttributeValueException
size
- - the new weblogic principals maximum cache sizeInvalidAttributeValueException
RealmMBean.getMaxWebLogicPrincipalsInCache()
String getName()
getName
in interface StandardInterface
boolean isDelegateMBeanAuthorization()
Configures the WebLogic Server MBean servers to use the security realm's Authorization providers to determine whether a JMX client has permission to access an MBean attribute or invoke an MBean operation.
You can continue to use WebLogic Server's default security settings or modify the defaults to suit your needs.
If you do not delegate authorization to the realm's Authorization providers, the WebLogic MBean servers allow access only to the four default security roles (Admin, Deployer, Operator, and Monitor) and only as specified by WebLogic Server's default security settings.
void setDelegateMBeanAuthorization(boolean deleteMBeanAuthorization) throws InvalidAttributeValueException
deleteMBeanAuthorization
- - the new delegate MBean authorization value.InvalidAttributeValueException
RealmMBean.isDelegateMBeanAuthorization()
String getAuthMethods()
void setAuthMethods(String methods)
RDBMSSecurityStoreMBean getRDBMSSecurityStore()
RealmMBean.createRDBMSSecurityStore()
RDBMSSecurityStoreMBean createRDBMSSecurityStore() throws JMException
destroyRDBMSSecurityStore
operation. The new security store MBean will have this realm as its parent.JMException
- if an error occurs when creating a RDBMS security storeRealmMBean.destroyRDBMSSecurityStore()
RDBMSSecurityStoreMBean createRDBMSSecurityStore(String name) throws JMException
destroyRDBMSSecurityStore
operation. The new security store MBean will have this realm as its parent.name
- the name of this RDBMS security storeJMException
- if an error occurs when creating a RDBMS security storeRealmMBean.destroyRDBMSSecurityStore()
void destroyRDBMSSecurityStore()
RealmMBean.createRDBMSSecurityStore()
PasswordValidatorMBean createPasswordValidator(String name, String type) throws ClassNotFoundException, JMException
name
- String The name for the given Password Validator provider MBeantype
- String The type of a Password Validator provider, all available types are in method getPasswordValidatorTypes
ClassNotFoundException
JMException
PasswordValidatorMBean createPasswordValidator(String type) throws ClassNotFoundException, JMException
type
- String The type of a Password Validator provider, all available types are in method getPasswordValidatorTypes
ClassNotFoundException
JMException
String[] getPasswordValidatorTypes()
com.bea.security.providers.authentication.passwordvalidator.SystemPasswordValidator
. Use this method to find the available types to pass to createPasswordValidator
PasswordValidatorMBean[] getPasswordValidators()
void setPasswordValidators(PasswordValidatorMBean[] passwordvalidators) throws InvalidAttributeValueException
passwordvalidators
- - The password validator providers to be set for this security realm.InvalidAttributeValueException
PasswordValidatorMBean lookupPasswordValidator(String name)
name
- String The name of a Password Validator provider MBeanvoid destroyPasswordValidator(PasswordValidatorMBean provider)
provider
- PasswordValidatorMBean The Password Validator provider to removeboolean isDeployableProviderSynchronizationEnabled()
Specifies whether synchronization for deployable Authorization and Role Mapping providers is enabled.
The Authorization and Role Mapping providers may or may not support parallel security policy and role modification, respectively, in the security provider database. If the security providers do not support parallel modification, the WebLogic Security Framework enforces a synchronization mechanism that results in each application and module being placed in a queue and deployed sequentially.
void setDeployableProviderSynchronizationEnabled(boolean enabled) throws InvalidAttributeValueException
enabled
- - the new value indicating whether the synchronization for deployable Authorization and Role Mapping providers is enabledInvalidAttributeValueException
RealmMBean.isDeployableProviderSynchronizationEnabled()
Integer getDeployableProviderSynchronizationTimeout()
DeployableProviderSynchronizationEnabled
is set to true
void setDeployableProviderSynchronizationTimeout(Integer timeout) throws InvalidAttributeValueException
timeout
- - the new timeout value (in milliseconds)InvalidAttributeValueException
RealmMBean.getDeployableProviderSynchronizationTimeout()
boolean isAutoRestartOnNonDynamicChanges()
Specifies whether the Realm will be auto-restarted if non-dynamic changes are made to the realm or providers within the realm.
void setAutoRestartOnNonDynamicChanges(boolean autorestart)
Sets the value of the AutoRestartOnNonDynamicChanges attribute.
autorestart
- The new AutoRestartOnNonDynamicChanges valueRealmMBean.isAutoRestartOnNonDynamicChanges()
int getRetireTimeoutSeconds()
Specifies the retire timeout for a realm that is restarted. The old realm will be shutdown after the specified timeout period has elapsed.
void setRetireTimeoutSeconds(int timeout)
Sets the value of the RetireTimeoutSeconds attribute.
timeout
- The new Retire Timeout Seconds valueRealmMBean.getRetireTimeoutSeconds()
|
Copyright 1996, 2015, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Oracle Fusion Middleware Java API Reference for Oracle WebLogic Server 12c (12.2.1) Part Number E55141-01 P4 Change 1723563 on 2015/10/09 |
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |