Administration Console Online Help


Security Realms: Security Store


Use this page to configure the RDBMS security store for this security realm.

Before you use this page to configure the RDBMS security store, you must have a domain created as described in Related Tasks.

Configuration Options

Name Description
RDBMS Security Store Enabled

Specifies whether a subset of the WebLogic security providers uses an external RDBMS as a datastore.

This setting controls the location in which the following security providers store their security data:

  • XACML Authorization and Role Mapping providers
  • WebLogic Credential Mapping provider
  • PKI Credential Mapping provider
  • SAML 1.1 providers: SAML Identity Assertion provider V2, and SAML Credential Mapping provider V2
  • SAML 2.0 providers: SAML 2.0 Identity Assertion provider, and SAML 2.0 Credential Mapping provider
  • Certificate Registry

If you select RDBMS Security Store Enabled, any of the preceding security providers that are created in the domain use only the RDBMS security store as a datastore for the security information that they manage, and not the embedded LDAP server. If you enable this attribute, note the following:

  • WebLogic Server does not support the ability to override the use of the RDBMS security store for any of the providers in the preceding list.
  • This attribute has no effect on any security provider that is not in the preceding list. For example, the WebLogic Authentication provider will continue to use the embedded LDAP server.

User Name

The username to use when connecting to the datastore.

MBean Attribute:
RDBMSSecurityStoreMBean.Username

Changes take effect after you redeploy the module or restart the server.

Password

The password for the user specified in the Username attribute for connecting to the datastore.

When getting the value of this attribute, WebLogic Server does the following:

  1. Retrieves the value of the PasswordEncrypted attribute.

  2. Decrypts the value and returns the unencrypted password as a String.

When you set the value of this attribute, WebLogic Server does the following:

  1. Encrypts the value.

  2. Sets the value of the PasswordEncrypted attribute to the encrypted value.

Note that use of the Password attribute is a potential security risk because the String object that contains the unencrypted password remains in the JVM's memory until garbage collection removes it and the memory is reallocated. Depending on how memory is allocated in the JVM, a significant amount of time could pass before this unencrypted data is removed from memory.

Instead of using this attribute, use PasswordEncrypted.

MBean Attribute:
RDBMSSecurityStoreMBean.Password

Changes take effect after you redeploy the module or restart the server.

Connection URL

The URL of the database to which to connect. The format of the URL varies by JDBC driver.

The URL is passed to the JDBC driver to create the physical database connections.

MBean Attribute:
RDBMSSecurityStoreMBean.ConnectionURL

Changes take effect after you redeploy the module or restart the server.

Driver Name

The full package name of the JDBC driver class used to create the physical database connections in the connection pool. Note that this driver class must be in the classpath of any server to which it is deployed.

For example:

  1. oracle.jdbc.OracleDriver
  2. com.microsoft.sqlserver.jdbc.SQLServerDriver

It must be the name of a class that implements the java.sql.Driver interface. The full pathname of the JDBC driver is available in the documentation.

MBean Attribute:
RDBMSSecurityStoreMBean.DriverName

Changes take effect after you redeploy the module or restart the server.

Connection Properties

The JDBC driver-specific connection parameters. This attribute is a comma-delimited list of key-value properties to pass to the driver for configuration of the JDBC connection pool, in the form of xxKey=xxValue, xxKey=xxValue. The syntax of the attribute is validated, and an InvalidAttributeValueException is thrown if the check fails.

MBean Attribute:
RDBMSSecurityStoreMBean.ConnectionProperties

Changes take effect after you redeploy the module or restart the server.

JNDI User Name

The JNDI user name used for Kodo notification.

MBean Attribute:
RDBMSSecurityStoreMBean.JNDIUsername

Changes take effect after you redeploy the module or restart the server.

JNDI Password

The password to authenticate the user defined in the JNDIUsername attribute for Kodo notification.

When getting the value of this attribute, WebLogic Server does the following:

  1. Retrieves the value of the JNDIPasswordEncrypted attribute.

  2. Decrypts the value and returns the unencrypted password as a String.

When you set the value of this attribute, WebLogic Server does the following:

  1. Encrypts the value.

  2. Sets the value of the JNDIPasswordEncrypted attribute to the encrypted value.

Using this attribute (JNDIPassword) is a potential security risk because the String object (which contains the unencrypted password) remains in the JVM's memory until garbage collection removes it and the memory is reallocated. Depending on how memory is allocated in the JVM, a significant amount of time could pass before this unencrypted data is removed from memory.

Instead of using this attribute, use JNDIPasswordEncrypted.

MBean Attribute:
RDBMSSecurityStoreMBean.JNDIPassword

Changes take effect after you redeploy the module or restart the server.

JMS Topic

The JMS topic to which the Kodo remote commit provider should publish notifications and subscribe for notifications sent from other JVMs. This setting varies depending on the application server in use.

MBean Attribute:
RDBMSSecurityStoreMBean.JMSTopic

Changes take effect after you redeploy the module or restart the server.

JMS Topic Connection Factory

The JNDI name of a javax.jms.TopicConnectionFactory instance to use for finding JMS topics. This setting varies depending on the application server in use. Consult the JMS documentation for details about how this parameter should be specified.

MBean Attribute:
RDBMSSecurityStoreMBean.JMSTopicConnectionFactory

Changes take effect after you redeploy the module or restart the server.

JMS Connection Reconnect Attempts

The number of times to attempt to reconnect if the JMS system notifies Kodo of a serious connection error. The default is 0, and by default the error is logged but ignored. The value cannot be less than 0.

MBean Attribute:
RDBMSSecurityStoreMBean.JMSExceptionReconnectAttempts

Minimum value: 0

Changes take effect after you redeploy the module or restart the server.

Notification Properties

The comma-delimited list of key-value properties to pass to the JNDI InitialContext on construction, in the form of xxKey=xxValue, xxKey=xxValue.

The following are examples of keys:

  1. java.naming.provider.url: Property for specifying configuration information for the service provider to use. The value of the property should contain a URL string (for example, iiops://localhost:7002).

  2. java.naming.factory.initial: Property for specifying the initial context factory to use. The value of the property should be the fully qualified class name of the factory class that will create an initial context (for example, weblogic.jndi.WLInitialContextFactory).

When setting the attribute, the syntax of its value is validated, and an InvalidAttributeValueException is thrown if the check fails.

MBean Attribute:
RDBMSSecurityStoreMBean.NotificationProperties

Changes take effect after you redeploy the module or restart the server.
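
Connection Properties and Notification Properties share the xxKey=xxValue, xxKey=xxValue form described above. The following is an added example, not WebLogic code and not the server's own validator: it approximates the syntax check and reviews a value before it is entered. The names parse_properties, audit_properties and InvalidPropertyList are hypothetical, and the TLS scheme allowlist and secret-key hints are assumed site policy.

```python
"""Added example: approximate check of the 'xxKey=xxValue, xxKey=xxValue' form."""
from urllib.parse import urlsplit

# Assumption (site policy, not from the page): schemes treated as TLS-protected.
TLS_SCHEMES = {"iiops", "t3s", "https"}
# Assumption: key-name fragments that suggest a secret placed in a property list.
SECRET_HINTS = ("password", "passwd", "secret", "credential")


class InvalidPropertyList(ValueError):
    """Hypothetical stand-in for the InvalidAttributeValueException on the page."""


def parse_properties(value):
    """Parse 'k=v, k=v' into a dict; reject malformed or duplicate entries.

    Approximation: values may contain '=' but not ','; empty values are rejected.
    """
    props = {}
    if not value or not value.strip():
        return props
    for raw in value.split(","):
        key, sep, val = raw.strip().partition("=")
        key, val = key.strip(), val.strip()
        if not sep or not key or not val:
            raise InvalidPropertyList("malformed entry: %r" % raw.strip())
        if key in props:
            raise InvalidPropertyList("duplicate key: %r" % key)
        props[key] = val
    return props


def audit_properties(value):
    """Return review findings for a property list; an empty list means none."""
    findings = []
    for key, val in parse_properties(value).items():
        # Secrets belong in the encrypted attributes, not in a property list.
        if any(hint in key.lower() for hint in SECRET_HINTS):
            findings.append("%s: secret-like key in a property list" % key)
        if key == "java.naming.provider.url":
            scheme = urlsplit(val).scheme.lower()
            if scheme not in TLS_SCHEMES:
                findings.append("%s: scheme %r not in TLS allowlist" % (key, scheme))
    return findings


# Constructed sample values; GOOD reuses the two example keys from the page.
GOOD = ("java.naming.provider.url=iiops://localhost:7002, "
        "java.naming.factory.initial=weblogic.jndi.WLInitialContextFactory")
WEAK = ("java.naming.provider.url=t3://localhost:7001, "
        "java.naming.security.credentials=changeit")
```
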

Related Tasks
