Security Realms: Security Store
Use this page to configure the RDBMS security store for this security realm.
Before you use this page to configure the RDBMS security store, you must have a domain created as described in Related Tasks.
Configuration Options
RDBMS Security Store Enabled: Specifies whether a subset of the WebLogic security providers uses an external RDBMS as a datastore.
This setting controls the location in which the following security providers store their security data:
- XACML Authorization and Role Mapping providers
- WebLogic Credential Mapping provider
- PKI Credential Mapping provider
- SAML 1.1 providers: SAML Identity Assertion provider V2, and SAML Credential Mapping provider V2
- SAML 2.0 providers: SAML 2.0 Identity Assertion provider, and SAML 2.0 Credential Mapping provider
- Certificate Registry
If you select RDBMS Security Store Enabled, any of the preceding security providers that are created in the domain use only the RDBMS security store as a datastore for the security information that they manage, and not the embedded LDAP server. If you enable this attribute, note the following:
- WebLogic Server does not support the ability to override the use of the RDBMS security store for any of the providers in the preceding list.
- This attribute has no effect on any security provider that is not in the preceding list. For example, the WebLogic Authentication provider will continue to use the embedded LDAP server.
User Name: The username to use when connecting to the datastore.
MBean Attribute:
RDBMSSecurityStoreMBean.Username
Changes take effect after you redeploy the module or restart the server.
Password: The password for the user specified in the Username attribute for connecting to the datastore.
When getting the value of this attribute, WebLogic Server does the following:
- Retrieves the value of the PasswordEncrypted attribute.
- Decrypts the value and returns the unencrypted password as a String.
When you set the value of this attribute, WebLogic Server does the following:
- Encrypts the value.
- Sets the value of the PasswordEncrypted attribute to the encrypted value.
Note that use of the Password attribute is a potential security risk because the String object that contains the unencrypted password remains in the JVM's memory until garbage collection removes it and the memory is reallocated. Depending on how memory is allocated in the JVM, a significant amount of time could pass before this unencrypted data is removed from memory.
Instead of using this attribute, use PasswordEncrypted.
MBean Attribute:
RDBMSSecurityStoreMBean.Password
Changes take effect after you redeploy the module or restart the server.
Connection URL: The URL of the database to which to connect. The format of the URL varies by JDBC driver.
The URL is passed to the JDBC driver to create the physical database connections.
MBean Attribute:
RDBMSSecurityStoreMBean.ConnectionURL
Changes take effect after you redeploy the module or restart the server.
Driver Name: The full package name of the JDBC driver class used to create the physical database connections in the connection pool. Note that this driver class must be in the classpath of any server to which it is deployed.
For example:
oracle.jdbc.OracleDriver
com.microsoft.sqlserver.jdbc.SQLServerDriver
It must be the name of a class that implements the java.sql.Driver interface. The full pathname of the JDBC driver is available in the documentation.
MBean Attribute:
RDBMSSecurityStoreMBean.DriverName
Changes take effect after you redeploy the module or restart the server.
Connection Properties: The JDBC driver-specific connection parameters. This attribute is a comma-delimited list of key-value properties to pass to the driver for configuration of the JDBC connection pool, in the form of xxKey=xxValue, xxKey=xxValue. The syntax of the attribute is validated, and an InvalidAttributeValueException is thrown if the check fails.
MBean Attribute:
RDBMSSecurityStoreMBean.ConnectionProperties
Changes take effect after you redeploy the module or restart the server.
JNDI User Name: The JNDI user name used for Kodo notification.
MBean Attribute:
RDBMSSecurityStoreMBean.JNDIUsername
Changes take effect after you redeploy the module or restart the server.
JNDI Password: The password to authenticate the user defined in the JNDIUsername attribute for Kodo notification.
When getting the value of this attribute, WebLogic Server does the following:
- Retrieves the value of the JNDIPasswordEncrypted attribute.
- Decrypts the value and returns the unencrypted password as a String.
When you set the value of this attribute, WebLogic Server does the following:
- Encrypts the value.
- Sets the value of the JNDIPasswordEncrypted attribute to the encrypted value.
Using this attribute (JNDIPassword) is a potential security risk because the String object (which contains the unencrypted password) remains in the JVM's memory until garbage collection removes it and the memory is reallocated. Depending on how memory is allocated in the JVM, a significant amount of time could pass before this unencrypted data is removed from memory.
Instead of using this attribute, use JNDIPasswordEncrypted.
MBean Attribute:
RDBMSSecurityStoreMBean.JNDIPassword
Changes take effect after you redeploy the module or restart the server.
JMS Topic: The JMS topic to which the Kodo remote commit provider should publish notifications and subscribe for notifications sent from other JVMs. This setting varies depending on the application server in use.
MBean Attribute:
RDBMSSecurityStoreMBean.JMSTopic
Changes take effect after you redeploy the module or restart the server.
JMS Topic Connection Factory: The JNDI name of a javax.jms.TopicConnectionFactory instance to use for finding JMS topics. This setting varies depending on the application server in use. Consult the JMS documentation for details about how this parameter should be specified.
MBean Attribute:
RDBMSSecurityStoreMBean.JMSTopicConnectionFactory
Changes take effect after you redeploy the module or restart the server.
JMS Connection Reconnect Attempts: The number of times to attempt to reconnect if the JMS system notifies Kodo of a serious connection error. The default is 0, and by default the error is logged but ignored. The value cannot be less than 0.
MBean Attribute:
RDBMSSecurityStoreMBean.JMSExceptionReconnectAttempts
Minimum value:
0
Changes take effect after you redeploy the module or restart the server.
Notification Properties: The comma-delimited list of key-value properties to pass to the JNDI InitialContext on construction, in the form of xxKey=xxValue, xxKey=xxValue.
The following are examples of keys:
- java.naming.provider.url: property for specifying configuration information for the service provider to use. The value of the property should contain a URL string (for example, iiops://localhost:7002).
- java.naming.factory.initial: property for specifying the initial context factory to use. The value of the property should be the fully qualified class name of the factory class that will create an initial context (for example, weblogic.jndi.WLInitialContextFactory).
When setting the attribute, the syntax of its value is validated, and an InvalidAttributeValueException is thrown if the check fails.
MBean Attribute:
RDBMSSecurityStoreMBean.NotificationProperties
Changes take effect after you redeploy the module or restart the server.
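The xxKey=xxValue list format shared by Connection Properties and Notification Properties can be checked before a redeploy or restart. The following Python check is an added example, not Oracle code: the key grammar, the PropertySyntaxError class and the secret-name hints are assumptions, because this page does not state WebLogic's actual validation rules.

```python
import re

# Assumed key grammar (dotted identifiers); the page only gives the overall
# form "xxKey=xxValue, xxKey=xxValue", not WebLogic's exact rules.
KEY_RE = re.compile(r"^[A-Za-z_][\w.\-]*$")

# Assumed hints that a key carries a clear-text secret which belongs in the
# encrypted Password / JNDI Password attributes instead.
SECRET_HINTS = ("password", "passwd", "credentials", "secret")

# Constructed sample, built from the two example keys on this page.
SAMPLE = ("java.naming.provider.url=iiops://localhost:7002, "
          "java.naming.factory.initial=weblogic.jndi.WLInitialContextFactory")


class PropertySyntaxError(ValueError):
    """Local stand-in for the server-side InvalidAttributeValueException."""


def parse_property_list(value):
    """Parse 'k1=v1, k2=v2' into a dict, rejecting malformed entries."""
    props = {}
    if value is None or not value.strip():
        return props
    for index, item in enumerate(value.split(","), start=1):
        item = item.strip()
        if not item:
            raise PropertySyntaxError(f"entry {index} is empty (stray comma)")
        key, sep, val = item.partition("=")
        key, val = key.strip(), val.strip()
        if not sep:
            raise PropertySyntaxError(f"entry {index} ({item!r}) has no '='")
        if not KEY_RE.match(key):
            raise PropertySyntaxError(f"entry {index} has invalid key {key!r}")
        if key in props:
            raise PropertySyntaxError(f"duplicate key {key!r}")
        props[key] = val
    return props


def clear_text_secret_keys(props):
    """Return the keys whose names suggest a secret stored in clear text."""
    return sorted(k for k in props if any(h in k.lower() for h in SECRET_HINTS))


if __name__ == "__main__":
    for key, val in parse_property_list(SAMPLE).items():
        print(f"{key} = {val}")
```

Because the list is comma-delimited, a value that itself contains a comma cannot be represented and is reported here as a malformed entry.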