Oracle Fusion Middleware Java API Reference for Oracle WebLogic Server 12c (12.1.3) Part Number E41849-02
public interface DefaultIdentityAsserterMBean
The MBean that represents configuration attributes for the WebLogic Identity Assertion provider. The WebLogic Identity Assertion provider supports identity assertion using X.509 certificates and CORBA Common Secure Interoperability version 2 (CSI v2). The class also contains attributes for the default user name mapping class plus the list of trusted client principals.
This is a type-safe interface for a WebLogic Server MBean, which you can import into your client classes and access through weblogic.management.MBeanHome. As of 9.0, the MBeanHome interface and all type-safe interfaces for WebLogic Server MBeans are deprecated. Instead, client classes that interact with WebLogic Server MBeans should use standard JMX design patterns in which clients use the javax.management.MBeanServerConnection interface to discover MBeans, attributes, and attribute types at runtime.
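The JMX pattern recommended above can also be used to review this provider's security-relevant attributes by name. The following is an added example, not Oracle's code: the `SampleAsserter` interface, its weak values and the `ObjectName` are constructed stand-ins registered on the local platform MBean server so the audit runs offline, and only the attribute names are taken from this page.

```java
import java.lang.management.ManagementFactory;
import java.util.*;
import javax.management.MBeanServer;
import javax.management.MBeanServerConnection;
import javax.management.ObjectName;
import javax.management.StandardMBean;

public class IdentityAsserterAudit {
    // Constructed stand-in exposing attribute names documented on this page.
    public interface SampleAsserter {
        String[] getTrustedClientPrincipals();
        boolean isUseDefaultUserNameMapper();
        boolean isVirtualUserAllowed();
        boolean isDigestReplayDetectionEnabled();
        String getDigestDataSourceName();
    }

    // Reads attributes by name over JMX and reports settings that widen trust.
    static List<String> audit(MBeanServerConnection c, ObjectName n) throws Exception {
        List<String> findings = new ArrayList<>();
        String[] trusted = (String[]) c.getAttribute(n, "TrustedClientPrincipals");
        if (trusted != null && Arrays.asList(trusted).contains("*"))
            findings.add("TrustedClientPrincipals has '*': all principals are trusted for CSI v2 assertion");
        if ((Boolean) c.getAttribute(n, "UseDefaultUserNameMapper"))
            findings.add("Default user name mapper: only certificate expiry is validated");
        if ((Boolean) c.getAttribute(n, "VirtualUserAllowed"))
            findings.add("VirtualUserAllowed: users absent from the security store are authenticated");
        String ds = (String) c.getAttribute(n, "DigestDataSourceName");
        if (!(Boolean) c.getAttribute(n, "DigestReplayDetectionEnabled"))
            findings.add("DigestReplayDetectionEnabled is false: digest nonces are not stored");
        else if (ds == null || ds.isEmpty())
            findings.add("Replay detection is enabled but DigestDataSourceName is not set");
        return findings;
    }

    public static void main(String[] args) throws Exception {
        SampleAsserter weak = new SampleAsserter() {   // constructed weak configuration
            public String[] getTrustedClientPrincipals() { return new String[] {"*"}; }
            public boolean isUseDefaultUserNameMapper() { return true; }
            public boolean isVirtualUserAllowed() { return true; }
            public boolean isDigestReplayDetectionEnabled() { return true; }
            public String getDigestDataSourceName() { return null; }
        };
        MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
        ObjectName name = new ObjectName("example:Type=SampleIdentityAsserter"); // hypothetical name
        mbs.registerMBean(new StandardMBean(weak, SampleAsserter.class), name);
        audit(mbs, name).forEach(System.out::println);
    }
}
```

Against a running server, `audit` would take the remote `MBeanServerConnection` and the provider's real `ObjectName`, which this page does not give.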
Method Summary

| Return type | Method | Description |
|---|---|---|
| String | getDefaultUserNameMapperAttributeDelimiter() | The delimiter that ends the attribute value when mapping from the X.509 certificate or X.500 name token to the WebLogic user name. |
| String | getDefaultUserNameMapperAttributeType() | The name of the attribute from the subject DN to use when mapping from the X.509 certificate or X.500 name token to the WebLogic user name. |
| String | getDescription() | A short description of the Identity Assertion provider. |
| String | getDigestDataSourceName() | The name of the data source to use for storing digest values. |
| int | getDigestExpirationTimePeriod() | Determines how long digests are valid. |
| String | getName() | The name of this configuration. |
| String | getProviderClassName() | The name of the Java class used to load the Identity Assertion provider. |
| String[] | getSupportedTypes() | The token types supported by the Identity Assertion provider. |
| String[] | getTrustedClientPrincipals() | The list of trusted client principals to use in CSI v2 identity assertion. |
| String | getUserNameMapperClassName() | The name of the Java class that maps X.509 digital certificates and X.501 distinguished names to WebLogic user names. |
| String | getVersion() | The version number of the Identity Assertion provider. |
| boolean | isDigestReplayDetectionEnabled() | Enables the storage of the digest nonce values used to detect replay attacks. |
| boolean | isUseDefaultUserNameMapper() | Uses the user name mapping class provided by WebLogic Server. |
| boolean | isVirtualUserAllowed() | Determines whether to authenticate WebLogic Server users who access the server via identity assertion but are not represented in the security store. |
| void | setDefaultUserNameMapperAttributeDelimiter(String newValue) | The delimiter that ends the attribute value when mapping from the X.509 certificate or X.500 name token to the WebLogic user name. |
| void | setDefaultUserNameMapperAttributeType(String newValue) | The name of the attribute from the subject DN to use when mapping from the X.509 certificate or X.500 name token to the WebLogic user name. |
| void | setDigestDataSourceName(String newValue) | The name of the data source to use for storing digest values. |
| void | setDigestExpirationTimePeriod(int newValue) | Determines how long digests are valid. |
| void | setDigestReplayDetectionEnabled(boolean newValue) | Enables the storage of the digest nonce values used to detect replay attacks. |
| void | setTrustedClientPrincipals(String[] newValue) | The list of trusted client principals to use in CSI v2 identity assertion. |
| void | setUseDefaultUserNameMapper(boolean newValue) | Uses the user name mapping class provided by WebLogic Server. |
| void | setUserNameMapperClassName(String newValue) | The name of the Java class that maps X.509 digital certificates and X.501 distinguished names to WebLogic user names. |
| void | setVirtualUserAllowed(boolean newValue) | Determines whether to authenticate WebLogic Server users who access the server via identity assertion but are not represented in the security store. |
| Methods inherited from interface weblogic.descriptor.DescriptorBean | 
|---|
| addPropertyChangeListener, createChildCopyIncludingObsolete, getParentBean, isEditable, removePropertyChangeListener | 
| Methods inherited from interface weblogic.descriptor.SettableBean | 
|---|
| isSet, unSet | 
| Methods inherited from interface weblogic.management.security.authentication.IdentityAsserterMBean | 
|---|
| getActiveTypes, getBase64DecodingRequired, setActiveTypes, setBase64DecodingRequired | 
| Methods inherited from interface weblogic.management.security.ProviderMBean | 
|---|
| getRealm | 
| Method Detail | 
|---|
String getProviderClassName()
The name of the Java class used to load the Identity Assertion provider.
String getDescription()
A short description of the Identity Assertion provider.
Specified by: getDescription in interface ProviderMBean
String getVersion()
The version number of the Identity Assertion provider.
Specified by: getVersion in interface ProviderMBean
String[] getSupportedTypes()
The token types supported by the Identity Assertion provider.
Specified by: getSupportedTypes in interface IdentityAsserterMBean
String getUserNameMapperClassName()
The name of the Java class that maps X.509 digital certificates and X.501 distinguished names to WebLogic user names.
void setUserNameMapperClassName(String newValue)
                                throws InvalidAttributeValueException
The name of the Java class that maps X.509 digital certificates and X.501 distinguished names to WebLogic user names.
Parameters: newValue - new value for attribute UserNameMapperClassName
Throws: InvalidAttributeValueException
String[] getTrustedClientPrincipals()
The list of trusted client principals to use in CSI v2 identity assertion.
The wildcard character (*) can be used to specify that all principals are trusted. If a client is not listed as a trusted client principal, the CSI v2 identity assertion fails and the invocation is rejected.
void setTrustedClientPrincipals(String[] newValue)
                                throws InvalidAttributeValueException
The list of trusted client principals to use in CSI v2 identity assertion.
The wildcard character (*) can be used to specify that all principals are trusted. If a client is not listed as a trusted client principal, the CSI v2 identity assertion fails and the invocation is rejected.
Parameters: newValue - new value for attribute TrustedClientPrincipals
Throws: InvalidAttributeValueException
boolean isUseDefaultUserNameMapper()
Uses the user name mapping class provided by WebLogic Server. The default user name mapping class only validates that a certificate has not expired.
If you require additional validation, you need to write your own user name mapping class. Writing your own user name mapping class also allows you to specify what attribute in the subject DN of the certificate is used to map to the user name.
void setUseDefaultUserNameMapper(boolean newValue)
                                 throws InvalidAttributeValueException
Uses the user name mapping class provided by WebLogic Server. The default user name mapping class only validates that a certificate has not expired.
If you require additional validation, you need to write your own user name mapping class. Writing your own user name mapping class also allows you to specify what attribute in the subject DN of the certificate is used to map to the user name.
Parameters: newValue - new value for attribute UseDefaultUserNameMapper
Throws: InvalidAttributeValueException
String getDefaultUserNameMapperAttributeType()
The name of the attribute from the subject DN to use when mapping from the X.509 certificate or X.500 name token to the WebLogic user name.
void setDefaultUserNameMapperAttributeType(String newValue)
                                           throws InvalidAttributeValueException
The name of the attribute from the subject DN to use when mapping from the X.509 certificate or X.500 name token to the WebLogic user name.
Parameters: newValue - new value for attribute DefaultUserNameMapperAttributeType
Throws: InvalidAttributeValueException
String getDefaultUserNameMapperAttributeDelimiter()
The delimiter that ends the attribute value when mapping from the X.509 certificate or X.500 name token to the WebLogic user name.
void setDefaultUserNameMapperAttributeDelimiter(String newValue)
                                                throws InvalidAttributeValueException
The delimiter that ends the attribute value when mapping from the X.509 certificate or X.500 name token to the WebLogic user name.
Parameters: newValue - new value for attribute DefaultUserNameMapperAttributeDelimiter
Throws: InvalidAttributeValueException
boolean isDigestReplayDetectionEnabled()
Enables the storage of the digest nonce values used to detect replay attacks.
If this setting is enabled, you must configure a data source to store the nonces for the specified expiration period. WebLogic Server then stores all the nonces from digest authentication attempts for all the machines in the domain. On each digest authentication attempt, the nonce is validated against the stored nonces. If the nonce is present, a replay attack has occurred and the digest authentication attempt fails.
void setDigestReplayDetectionEnabled(boolean newValue)
                                     throws InvalidAttributeValueException
Enables the storage of the digest nonce values used to detect replay attacks.
If this setting is enabled, you must configure a data source to store the nonces for the specified expiration period. WebLogic Server then stores all the nonces from digest authentication attempts for all the machines in the domain. On each digest authentication attempt, the nonce is validated against the stored nonces. If the nonce is present, a replay attack has occurred and the digest authentication attempt fails.
Parameters: newValue - new value for attribute DigestReplayDetectionEnabled
Throws: InvalidAttributeValueException
int getDigestExpirationTimePeriod()
Determines how long digests are valid.
A digest that was created before the specified time will not be valid. This setting impacts how long previous digest values must be stored in the database for use in detecting replay attacks.
void setDigestExpirationTimePeriod(int newValue)
                                   throws InvalidAttributeValueException
Determines how long digests are valid.
A digest that was created before the specified time will not be valid. This setting impacts how long previous digest values must be stored in the database for use in detecting replay attacks.
Parameters: newValue - new value for attribute DigestExpirationTimePeriod
Throws: InvalidAttributeValueException
String getDigestDataSourceName()
The name of the data source to use for storing digest values. These digest values are used to detect replay attacks.
void setDigestDataSourceName(String newValue)
                             throws InvalidAttributeValueException
The name of the data source to use for storing digest values. These digest values are used to detect replay attacks.
Parameters: newValue - new value for attribute DigestDataSourceName
Throws: InvalidAttributeValueException
boolean isVirtualUserAllowed()
Determines whether to authenticate WebLogic Server users who access the server via identity assertion but are not represented in the security store.
If this setting is enabled, WebLogic Server users not represented in the security store will be authenticated. Note that in addition to this attribute, Subject Component mapper classes, which are a type of user name mapper, may disallow virtual users based on the token.
void setVirtualUserAllowed(boolean newValue)
                           throws InvalidAttributeValueException
Determines whether to authenticate WebLogic Server users who access the server via identity assertion but are not represented in the security store.
If this setting is enabled, WebLogic Server users not represented in the security store will be authenticated. Note that in addition to this attribute, Subject Component mapper classes, which are a type of user name mapper, may disallow virtual users based on the token.
Parameters: newValue - new value for attribute VirtualUserAllowed
Throws: InvalidAttributeValueException
String getName()
ProviderMBean
Specified by: getName in interface ProviderMBean
getName in interface StandardInterface
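The replay check described under DigestReplayDetectionEnabled and DigestExpirationTimePeriod above can be sketched as follows. This is an added example, not WebLogic's implementation: the class name, the in-memory map standing in for the configured data source, the `Duration` units and the creation timestamp accompanying each nonce are all assumptions.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class DigestReplayGuard {
    public enum Result { ACCEPTED, EXPIRED, REPLAYED }

    // Plays the role of DigestExpirationTimePeriod (units are an assumption).
    private final Duration validity;
    // In-memory stand-in for the data source. The page says nonces are stored for
    // all machines in the domain, so a real store must be shared by every server.
    private final Map<String, Instant> seen = new ConcurrentHashMap<>();

    public DigestReplayGuard(Duration validity) { this.validity = validity; }

    public Result check(String nonce, Instant created, Instant now) {
        Instant cutoff = now.minus(validity);
        // Digests older than the window fail on age alone, so their nonces
        // no longer need to be kept: the expiration period bounds storage.
        seen.values().removeIf(t -> t.isBefore(cutoff));
        if (created.isBefore(cutoff)) return Result.EXPIRED;
        // putIfAbsent is atomic: two concurrent attempts with one nonce cannot both pass.
        return seen.putIfAbsent(nonce, created) == null ? Result.ACCEPTED : Result.REPLAYED;
    }

    public int stored() { return seen.size(); }

    public static void main(String[] args) {
        DigestReplayGuard guard = new DigestReplayGuard(Duration.ofMinutes(5));
        Instant t0 = Instant.parse("2014-01-01T00:00:00Z");  // constructed timestamps
        System.out.println(guard.check("n1", t0, t0.plusSeconds(10)));   // first use
        System.out.println(guard.check("n1", t0, t0.plusSeconds(20)));   // same nonce again
        System.out.println(guard.check("n2", t0, t0.plusSeconds(301)));  // digest past the window
        System.out.println(guard.stored());                              // entries left after eviction
    }
}
```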
Copyright 1996, 2014, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.