Package weblogic.management.configuration

Interface SecurityConfigurationMBean

All Superinterfaces:

ConfigurationMBean, DescriptorBean, javax.management.DynamicMBean, javax.management.MBeanRegistration, javax.management.NotificationBroadcaster, RealmContainer, SettableBean, WebLogicMBean

public interface SecurityConfigurationMBean
extends ConfigurationMBean, RealmContainer

Provides domain-wide security configuration information.

Field Summary

Fields inherited from interface weblogic.management.configuration.ConfigurationMBean

DEFAULT_EMPTY_BYTE_ARRAY

Method Summary

Modifier and Type	Method	Description
RealmMBean	createRealm()	Creates a realm.
RealmMBean	createRealm(java.lang.String name)	Creates a realm.
void	destroyRealm(RealmMBean realm)	Destroys a realm.
RealmMBean	findDefaultRealm()	Deprecated. 9.0.0.0 Replaced by getDefaultRealm()
RealmMBean	findRealm(java.lang.String realmDisplayName)	Deprecated. 9.0.0.0 Replaced by lookupRealm(java.lang.String)
RealmMBean[]	findRealms()	Deprecated. 9.0.0.0 Replaced by getRealms()
byte[]	generateCredential()	Generates a new encrypted byte array which can be use when calling #setCredentialEncrypted
java.lang.String	getAdministrativeIdentityDomain()	Domain's administrative identity domain.
long	getBootAuthenticationMaxRetryDelay()	The maximum length of time, in milliseconds, the boot process will wait before retrying the authentication after a login server not available exception.
int	getBootAuthenticationRetryCount()	The maximum number of times the boot process will try to authenticate the boot user with the authentication providers.
CertRevocMBean	getCertRevoc()	Determines the domain's X509 certificate revocation checking configuration.
int	getCheckCertificatesExpirationDays()	Returns the number of days before certificate expiration that warnings should be issued.
int	getCheckCertificatesIntervalDays()	Returns the interval between checks for certificate expiration.
boolean	getCompatibilityConnectionFiltersEnabled()	Specifies whether this WebLogic Server domain enables compatiblity with previous connection filters.
java.lang.String	getConnectionFilter()	The name of the Java class that implements a connection filter (that is, the weblogic.security.net.ConnectionFilter interface).
java.lang.String[]	getConnectionFilterRules()	The rules used by any connection filter that implements the ConnectionFilterRulesListener interface.
boolean	getConnectionLoggerEnabled()	Specifies whether this WebLogic Server domain should log accepted connections.
int	getCrossDomainSecurityCacheTTL()	Returns the time-to-live (TTL), in seconds, of the Cross Domain Security subject cache.
RealmMBean	getDefaultRealm()	Returns the default security realm or null if no realm has been selected as the default security realm.
RealmMBean	getDefaultRealmInternal()
boolean	getDowngradeUntrustedPrincipals()	Whether or not to downgrade to anonymous principals that cannot be verified.
boolean	getEnforceStrictURLPattern()	Whether or not the system should enforce strict URL pattern or not.
boolean	getEnforceValidBasicAuthCredentials()	Whether or not the system should allow requests with invalid Basic Authentication credentials to access unsecure resources.
java.lang.String[]	getExcludedDomainNames()	Specifies a list of remote domains for which cross-domain check should not be applied.
JASPICMBean	getJASPIC()	Creates a Jaspic MBean from which AuthConfigProviders can be created and configured.
java.lang.String	getName()	The user-specified name of this MBean instance.
java.lang.String	getNodeManagerPassword()	The password that the Administration Server uses to communicate with Node Manager when starting, stopping, or restarting Managed Servers.
byte[]	getNodeManagerPasswordEncrypted()	The password that the Administration Server passes to a Node Manager when it instructs the Node Manager to start, stop, or restart Managed Servers.
java.lang.String	getNodeManagerUsername()	The user name that the Administration Server uses to communicate with Node Manager when starting, stopping, or restarting Managed Servers.
int	getNonceTimeoutSeconds()	Returns the value of the nonce timeout in seconds.
java.lang.String	getOutboundReferenceHostAllowList()	Returns a comma-separated list of hosts from which WebLogic Server may retrieve an object specified by a URL.
RealmMBean[]	getRealms()	Returns all the realms in the domain.
SecureModeMBean	getSecureMode()	Returns the SecureMode MBean that contains attributes that control the behavior of Secure Mode.
java.lang.String	getWebAppFilesCaseInsensitive()	This property defines the case sensitive URL-pattern matching behavior for security constraints, servlets, filters, virtual-hosts, and so on, in the Web application container and external security policies.
boolean	isAnonymousAdminLookupEnabled()	Deprecated. 12.2.1.0.0
boolean	isCheckIdentityCertificates()	Returns true if identity certificates should be checked periodically for expiration.
boolean	isCheckTrustCertificates()	Returns true if trust certificates should be checked periodically for expiration.
boolean	isClearTextCredentialAccessEnabled()	Returns true if allow access to credential in clear text.
boolean	isConnectionFilterIgnoreRuleErrorsEnabled()	Specifies whether the WebLogic Server should ignore filter rule errors during server startup.
boolean	isConsoleFullDelegationEnabled()	Deprecated. 14.1.2.0.0
boolean	isCrossDomainSecurityCacheEnabled()	Returns whether the Cross Domain Security subject cache is enabled.
boolean	isCrossDomainSecurityEnabled()	Indicates whether or not cross-domain security is enabled.
boolean	isIdentityDomainAwareProvidersRequired()	Returns true if all role mapping, authorization, credential mapping, and audit providers configured in the domain must support the IdentityDomainAwareProviderMBean interface's administrative identity domain.
boolean	isIdentityDomainDefaultEnabled()	Returns true if identity domain values should be defaulted for the Administrative Identity Domain, Partition Primary Identity Domain, and Default Authenticator Identity Domain attributes.
boolean	isPrincipalEqualsCaseInsensitive()	Specifies whether the WebLogic Server principal name is compared using a case insensitive match when the equals method for the principal object is performed.
boolean	isPrincipalEqualsCompareDnAndGuid()	Specifies whether the GUID and DN data in a WebLogic Server principal object are used when the equals method of that object is invoked.
boolean	isRemoteAnonymousJNDIEnabled()	Returns true if remote anonymous JNDI access is permitted for list and modify operations.
boolean	isRemoteAnonymousRMIIIOPEnabled()	Returns true if remote anonymous RMI access via IIOP is permitted.
boolean	isRemoteAnonymousRMIT3Enabled()	Returns true if remote anonymous RMI access via T3 is permitted.
boolean	isTwoWayTLSRequiredForAdminClients()	Specifies whether the WebLogic Server domain should require 2 way TLS for admin clients.
boolean	isUseKSSForDemo()	Determines whether the Demo Identity and Demo Trust key stores should be obtained from the Oracle Key Store Service (KSS).
RealmMBean	lookupRealm(java.lang.String name)	Finds a realm given it's name.
void	setAdministrativeIdentityDomain(java.lang.String identityDomain)	Set this domain's administrative identity domain.
void	setAnonymousAdminLookupEnabled(boolean permit)	Permits anonymous JNDI access to get the Admin MBean home.
void	setBootAuthenticationMaxRetryDelay(long millis)	Sets the boot authentication maximum retry delay time.
void	setBootAuthenticationRetryCount(int count)
void	setCheckCertificatesExpirationDays(int days)	Sets the number of days before certificate expiration that warnings should be issued.
void	setCheckCertificatesIntervalDays(int days)	Sets the interval between checks for certificate expiration.
void	setCheckIdentityCertificates(boolean check)	Sets the flag indicating that identity certificates should be checked.
void	setCheckTrustCertificates(boolean check)	Sets the flag indicating that trust certificates should be checked.
void	setClearTextCredentialAccessEnabled(boolean enabled)	Allow access to clear-text password.
void	setCompatibilityConnectionFiltersEnabled(boolean compatibility)
void	setConnectionFilter(java.lang.String filter)
void	setConnectionFilterIgnoreRuleErrorsEnabled(boolean ignoreFilterRuleError)
void	setConnectionFilterRules(java.lang.String[] filterList)
void	setConnectionLoggerEnabled(boolean logging)
void	setConsoleFullDelegationEnabled(boolean enabled)	Deprecated. 14.1.2.0.0
void	setCredential(java.lang.String credential)	As of 8.1 sp4, this method does the following:
void	setCredentialEncrypted(byte[] bytes)	Encrypts and sets the value of the CredentialEncrypted attribute.
void	setCrossDomainSecurityCacheEnabled(boolean enabled)	Specifies whether to enable the Local Domain Security subject cache.
void	setCrossDomainSecurityCacheTTL(int seconds)	Specifies the time-to-live (TTL), in seconds, of the Cross Domain Security subject cache.
void	setCrossDomainSecurityEnabled(boolean enabled)	Turns on/off the cross-domain security.
void	setDefaultRealm(RealmMBean defaultRealm)	Sets the default security realm.
void	setDefaultRealmInternal(RealmMBean def)
void	setDowngradeUntrustedPrincipals(boolean downgrade)
void	setEnforceStrictURLPattern(boolean enforceStrictURLPattern)
void	setEnforceValidBasicAuthCredentials(boolean allow)
void	setExcludedDomainNames(java.lang.String[] remoteDomains)	Specifies a list of remote domains for which cross-domain check should not be applied.
void	setIdentityDomainAwareProvidersRequired(boolean requireIdentityDomain)	Set whether providers must support the IdentityDomainAwareProviderMBean interface.
void	setIdentityDomainDefaultEnabled(boolean enabled)	Set whether identity domain default values are enabled
void	setNodeManagerPassword(java.lang.String password)	Sets the value of the NodeManagerPassword attribute.
void	setNodeManagerPasswordEncrypted(byte[] bytes)	Sets the value of the NodeManagerPassword attribute.
void	setNodeManagerUsername(java.lang.String username)	Sets the node manager username for the domain.
void	setNonceTimeoutSeconds(int timeout)	Sets the value of the nonce timeout in seconds.
void	setOutboundReferenceHostAllowList(java.lang.String value)	Specifies a comma-separated list of hosts from which WebLogic Server may retrieve an object specified by a URL.
void	setPrincipalEqualsCaseInsensitive(boolean principalEqualsCaseInsensitive)	Sets the value of the PrincipalEqualsCaseInsensitive attribute.
void	setPrincipalEqualsCompareDnAndGuid(boolean principalEqualsCompareDnAndGuid)	Sets the value of the UseGUIDandDNinEqual attribute.
void	setRemoteAnonymousJNDIEnabled(boolean permit)	Permits remote anonymous JNDI access.
void	setRemoteAnonymousRMIIIOPEnabled(boolean permit)	Permits remote anonymous RMI access via IIOP.
void	setRemoteAnonymousRMIT3Enabled(boolean permit)	Permits remote anonymous RMI access via T3.
void	setTwoWayTLSRequiredForAdminClients(boolean required)	Sets whether Two Way TLS is required for admin clients.
void	setUseKSSForDemo(boolean useKss)	Specifies that the Demo Identity and Demo Trust key stores should be obtained from the Oracle Key Store Service (KSS).
void	setWebAppFilesCaseInsensitive(java.lang.String caseInsensitive)	Sets the value for the WebAppFilesCaseInsensitive.

Methods inherited from interface weblogic.management.configuration.ConfigurationMBean

freezeCurrentValue, getId, getInheritedProperties, getNotes, isDynamicallyCreated, isInherited, isSet, restoreDefaultValue, setComments, setDefaultedMBean, setName, setNotes, setPersistenceEnabled, unSet

Methods inherited from interface weblogic.descriptor.DescriptorBean

addPropertyChangeListener, createChildCopyIncludingObsolete, getParentBean, isEditable, removePropertyChangeListener

Methods inherited from interface javax.management.DynamicMBean

getAttribute, getAttributes, invoke, setAttribute, setAttributes

Methods inherited from interface javax.management.MBeanRegistration

postDeregister, postRegister, preDeregister, preRegister

Methods inherited from interface javax.management.NotificationBroadcaster

addNotificationListener, getNotificationInfo, removeNotificationListener

Methods inherited from interface weblogic.management.WebLogicMBean

getMBeanInfo, getObjectName, getParent, getType, isCachingDisabled, isRegistered, setParent

Method Detail

getSecureMode

SecureModeMBean getSecureMode()

Returns the SecureMode MBean that contains attributes that control the behavior of Secure Mode.

getJASPIC

JASPICMBean getJASPIC()

Creates a Jaspic MBean from which AuthConfigProviders can be created and configured.

createRealm

RealmMBean createRealm(java.lang.String name)
                throws javax.management.JMException

Creates a realm.

Parameters:

name - - The name of this realm, for example, myrealm

Throws:

javax.management.JMException

createRealm

RealmMBean createRealm()
                throws javax.management.JMException

Creates a realm. among all realms in the domain. If the name can be converted to a JMX object name, then it is used as the provider's JMX object name. The encouraged convention is: "Security:Name=realmDisplayName". For example: "Security:Name=myrealm". that will be displayed in the console).

Throws:

javax.management.JMException

destroyRealm

void destroyRealm(RealmMBean realm)

Destroys a realm. This does not destroy its providers or its user lockout manager.

Parameters:

realm -

getRealms

RealmMBean[] getRealms()

Returns all the realms in the domain.

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

lookupRealm

RealmMBean lookupRealm(java.lang.String name)

Finds a realm given it's name. The name is often its JMX object name (e.g. Security:Name=myrealm)

Parameters:

name -

findRealms

@Deprecated
RealmMBean[] findRealms()

Deprecated.

9.0.0.0 Replaced by getRealms()

Returns all the realms in the domain.

All security roles can access this item.

findDefaultRealm

@Deprecated
RealmMBean findDefaultRealm()

Deprecated.

9.0.0.0 Replaced by getDefaultRealm()

Finds the default security realm. Returns null if a default security realm is not defined.

All security roles can access this item.

findRealm

@Deprecated
RealmMBean findRealm(java.lang.String realmDisplayName)

Deprecated.

9.0.0.0 Replaced by lookupRealm(java.lang.String)

Finds a realm by name (that is, by the display name of the realm). Returns null no realm with that name has been defined. Throws a configuration error if there are multiple matches.

Parameters:

realmDisplayName - A String containing the realm's display name.

All security roles can access this item.

getDefaultRealm

RealmMBean getDefaultRealm()

Returns the default security realm or null if no realm has been selected as the default security realm.

Changes to this property take effect after you redeploy the module or restart the server. If the resource is in a partition, restart the partition.

setDefaultRealm

void setDefaultRealm(RealmMBean defaultRealm)
              throws javax.management.InvalidAttributeValueException

Sets the default security realm.

Parameters:

defaultRealm - The new default realm. Use null to specify that there is no default realm.

Throws:

javax.management.InvalidAttributeValueException

isAnonymousAdminLookupEnabled

@Deprecated
boolean isAnonymousAdminLookupEnabled()

Deprecated.

12.2.1.0.0

Returns true if anonymous JNDI access for Admin MBean home is permitted. This is overridden by the Java property -Dweblogic.management.anonymousAdminLookupEnabled.

Returns:

true if anonymous access is allowed, false otherwise

Default Value:

false

Changes to this property take effect after you redeploy the module or restart the server. If the resource is in a partition, restart the partition.

setAnonymousAdminLookupEnabled

void setAnonymousAdminLookupEnabled(boolean permit)

Permits anonymous JNDI access to get the Admin MBean home.

Parameters:

permit - The new value.

See Also:

isAnonymousAdminLookupEnabled()

isClearTextCredentialAccessEnabled

boolean isClearTextCredentialAccessEnabled()

Returns true if allow access to credential in clear text. This can be overridden by the system property -Dweblogic.management.clearTextCredentialAccessEnabled

Returns:

true if allow access to clear-text password, false otherwise

Default Value:

false

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setClearTextCredentialAccessEnabled

void setClearTextCredentialAccessEnabled(boolean enabled)

Allow access to clear-text password.

Parameters:

enabled - The new value.

See Also:

isClearTextCredentialAccessEnabled()

generateCredential

byte[] generateCredential()

Generates a new encrypted byte array which can be use when calling #setCredentialEncrypted

Returns:

a new encrypted byte array suitable for use as a domain credential.

setCredential

void setCredential(java.lang.String credential)
            throws javax.management.InvalidAttributeValueException

As of 8.1 sp4, this method does the following:

1. Encrypts the parameter value.
2. Sets the value of the CredentialEncrypted attribute to the encrypted parameter value.

Parameters:

credential - The new credential value

Throws:

javax.management.InvalidAttributeValueException

See Also:

getCredential(), setCredentialEncrypted(byte[] bytes)

setCredentialEncrypted

void setCredentialEncrypted(byte[] bytes)
                     throws javax.management.InvalidAttributeValueException

Encrypts and sets the value of the CredentialEncrypted attribute.

Parameters:

bytes - The new credential value as a byte array.

Throws:

javax.management.InvalidAttributeValueException

See Also:

getCredentialEncrypted()

getWebAppFilesCaseInsensitive

java.lang.String getWebAppFilesCaseInsensitive()

This property defines the case sensitive URL-pattern matching behavior for security constraints, servlets, filters, virtual-hosts, and so on, in the Web application container and external security policies. Note: This is a Windows-only flag that is provided for backward compatibility when upgrading from pre-9.0 versions of WebLogic Server. On Unix platforms, setting this value to true causes undesired behavior and is not supported. When the value is set to os, the pattern matching will be case- sensitive on all platforms except the Windows file system. Note that on non-Windows file systems, WebLogic Server does not enforce case sensitivity and relies on the file system for optimization. As a result, if you have a Windows Samba mount from Unix or Mac OS that has been installed in case-insensitive mode, there is a chance of a security risk. If so, specify case-insensitive lookups by setting this attribute to true. Note also that this property is used to preserve backward compatibility on Windows file systems only. In prior releases, WebLogic Server was case- insensitive on Windows. As of WebLogic Server 9.0, URL-pattern matching is strictly enforced. During the upgrade of older domains, the value of this parameter is explicitly set to os by the upgrade plug-in to preserve backward compatibility.

Default Value:

"false"

Changes to this property take effect after you redeploy the module or restart the server. If the resource is in a partition, restart the partition.

Valid Values:

"os", "true", "false"

setWebAppFilesCaseInsensitive

void setWebAppFilesCaseInsensitive(java.lang.String caseInsensitive)
                            throws javax.management.InvalidAttributeValueException

Sets the value for the WebAppFilesCaseInsensitive.

Parameters:

caseInsensitive - The new value caseInsensitive.

Throws:

javax.management.InvalidAttributeValueException

See Also:

getWebAppFilesCaseInsensitive()

getConnectionFilter

java.lang.String getConnectionFilter()

The name of the Java class that implements a connection filter (that is, the weblogic.security.net.ConnectionFilter interface). If no class name is specified, no connection filter will be used.

This attribute replaces the deprecated ConnectionFilter attribute on the SecurityMBean.

Default Value:

null

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setConnectionFilter

void setConnectionFilter(java.lang.String filter)
                  throws javax.management.InvalidAttributeValueException

Throws:

javax.management.InvalidAttributeValueException

getConnectionFilterRules

java.lang.String[] getConnectionFilterRules()

The rules used by any connection filter that implements the ConnectionFilterRulesListener interface. When using the default implementation and when no rules are specified, all connections are accepted. The default implementation rules are in the format: target localAddress localPort action protocols.

This attribute replaces the deprecated ConnectionFilterRules attribute on the SecurityMBean.

Default Value:

null

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setConnectionFilterRules

void setConnectionFilterRules(java.lang.String[] filterList)

getConnectionLoggerEnabled

boolean getConnectionLoggerEnabled()

Specifies whether this WebLogic Server domain should log accepted connections.

This attribute can be used by a system administrator to dynamically check the incoming connections in the log file to determine if filtering needs to be performed.

This attribute replaces the deprecated ConnectionLoggerEnabled attribute on the SecurityMBean.

Default Value:

false

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setConnectionLoggerEnabled

void setConnectionLoggerEnabled(boolean logging)
                         throws javax.management.InvalidAttributeValueException

Throws:

javax.management.InvalidAttributeValueException

getCompatibilityConnectionFiltersEnabled

boolean getCompatibilityConnectionFiltersEnabled()

Specifies whether this WebLogic Server domain enables compatiblity with previous connection filters.

This attribute changes the protocols names used when filtering needs to be performed.

Default Value:

false

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setCompatibilityConnectionFiltersEnabled

void setCompatibilityConnectionFiltersEnabled(boolean compatibility)
                                       throws javax.management.InvalidAttributeValueException

Throws:

javax.management.InvalidAttributeValueException

getNodeManagerUsername

java.lang.String getNodeManagerUsername()

The user name that the Administration Server uses to communicate with Node Manager when starting, stopping, or restarting Managed Servers.

Returns:

the username value

Default Value:

""

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setNodeManagerUsername

void setNodeManagerUsername(java.lang.String username)

Sets the node manager username for the domain.

Parameters:

username - the new username value

See Also:

getNodeManagerUsername()

getNodeManagerPassword

java.lang.String getNodeManagerPassword()

The password that the Administration Server uses to communicate with Node Manager when starting, stopping, or restarting Managed Servers.

When you get the value of this attribute, WebLogic Server does the following:

1. Retrieves the value of the NodeManagerPasswordEncrypted attribute.
2. Decrypts the value and returns the unencrypted password as a String.

When you set the value of this attribute, WebLogic Server does the following:

1. Encrypts the value.
2. Sets the value of the NodeManagerPasswordEncrypted attribute to the encrypted value.

Using this attribute (NodeManagerPassword) is a potential security risk because the String object (which contains the unencrypted password) remains in the JVM's memory until garbage collection removes it and the memory is reallocated. Depending on how memory is allocated in the JVM, a significant amount of time could pass before this unencrypted data is removed from memory.

Instead of using this attribute, you should use NodeManagerPasswordEncrypted.

Returns:

the password value

See Also:

getNodeManagerPasswordEncrypted()

setNodeManagerPassword

void setNodeManagerPassword(java.lang.String password)

Sets the value of the NodeManagerPassword attribute.

Parameters:

password - the new password value

See Also:

getNodeManagerPassword(), setNodeManagerPasswordEncrypted(byte[])

getNodeManagerPasswordEncrypted

byte[] getNodeManagerPasswordEncrypted()

The password that the Administration Server passes to a Node Manager when it instructs the Node Manager to start, stop, or restart Managed Servers.

To set this attribute, use weblogic.management.EncryptionHelper.encrypt() to encrypt the value. Then set this attribute to the output of the encrypt() method.

To compare a password that a user enters with the encrypted value of this attribute, go to the same WebLogic Server instance that you used to set and encrypt this attribute and use weblogic.management.EncryptionHelper.encrypt() to encrypt the user-supplied password. Then compare the encrypted values.

Returns:

the password value

Default Value:

"".getBytes()

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setNodeManagerPasswordEncrypted

void setNodeManagerPasswordEncrypted(byte[] bytes)

Sets the value of the NodeManagerPassword attribute.

Parameters:

bytes - the new password value

See Also:

getNodeManagerPasswordEncrypted()

isPrincipalEqualsCaseInsensitive

boolean isPrincipalEqualsCaseInsensitive()

Specifies whether the WebLogic Server principal name is compared using a case insensitive match when the equals method for the principal object is performed.

If this attribute is enabled, matches are case insensitive.

Note: Note that principal comparison is not used by the WebLogic Security Service to determine access to protected resources. This attribute is intended for use with JAAS authorization, which may require case insensitive principal matching behavior.

Returns:

true if use case insensitive match, false otherwise

Default Value:

false

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setPrincipalEqualsCaseInsensitive

void setPrincipalEqualsCaseInsensitive(boolean principalEqualsCaseInsensitive)

Sets the value of the PrincipalEqualsCaseInsensitive attribute.

Parameters:

principalEqualsCaseInsensitive -

See Also:

isPrincipalEqualsCaseInsensitive()

isPrincipalEqualsCompareDnAndGuid

boolean isPrincipalEqualsCompareDnAndGuid()

Specifies whether the GUID and DN data in a WebLogic Server principal object are used when the equals method of that object is invoked.

If enabled, the GUID and DN data (if included among the attributes in a WebLogic Server principal object) and the principal name are compared when this method is invoked.

Returns:

true if use guid and dn in equal compararison, false otherwise

Default Value:

false

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setPrincipalEqualsCompareDnAndGuid

void setPrincipalEqualsCompareDnAndGuid(boolean principalEqualsCompareDnAndGuid)

Sets the value of the UseGUIDandDNinEqual attribute.

Parameters:

principalEqualsCompareDnAndGuid -

See Also:

isPrincipalEqualsCompareDnAndGuid()

getDowngradeUntrustedPrincipals

boolean getDowngradeUntrustedPrincipals()

Whether or not to downgrade to anonymous principals that cannot be verified. This is useful for server-server communication between untrusted domains.

Returns:

the DowngradeUntrustedPrincipals value

Default Value:

false

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setDowngradeUntrustedPrincipals

void setDowngradeUntrustedPrincipals(boolean downgrade)

Parameters:

downgrade - the new DowngradeUntrustedPrincipals value

See Also:

getDowngradeUntrustedPrincipals()

getEnforceStrictURLPattern

boolean getEnforceStrictURLPattern()

Whether or not the system should enforce strict URL pattern or not.

Returns:

the EnforceStrictURLPattern value

Default Value:

true

Changes to this property take effect after you redeploy the module or restart the server. If the resource is in a partition, restart the partition.

setEnforceStrictURLPattern

void setEnforceStrictURLPattern(boolean enforceStrictURLPattern)

Parameters:

enforceStrictURLPattern - the new EnforceStrictURLPattern value

See Also:

getEnforceStrictURLPattern()

getEnforceValidBasicAuthCredentials

boolean getEnforceValidBasicAuthCredentials()

Whether or not the system should allow requests with invalid Basic Authentication credentials to access unsecure resources.

Returns:

the EnforceValidBasicAuthCredentials value

Default Value:

true

Changes to this property take effect after you redeploy the module or restart the server. If the resource is in a partition, restart the partition.

setEnforceValidBasicAuthCredentials

void setEnforceValidBasicAuthCredentials(boolean allow)

Parameters:

allow - the new EnforceValidBasicAuthCredentials value

See Also:

getEnforceValidBasicAuthCredentials()

isConsoleFullDelegationEnabled

@Deprecated
boolean isConsoleFullDelegationEnabled()

Deprecated.

14.1.2.0.0

Indicates whether the console is enabled for fully delegate authorization.

Returns:

true if the console is enabled for fully delegate authorization

Default Value:

false

Changes to this property take effect after you redeploy the module or restart the server. If the resource is in a partition, restart the partition.

setConsoleFullDelegationEnabled

@Deprecated
void setConsoleFullDelegationEnabled(boolean enabled)

Deprecated.

14.1.2.0.0

Enables the console to operate with fully delegate authorization.

Parameters:

enabled - the new console full delegation value

See Also:

isConsoleFullDelegationEnabled()

getDefaultRealmInternal

RealmMBean getDefaultRealmInternal()

Specified by:

getDefaultRealmInternal in interface RealmContainer

See Also:

RealmContainer

setDefaultRealmInternal

void setDefaultRealmInternal(RealmMBean def)

Specified by:

setDefaultRealmInternal in interface RealmContainer

See Also:

RealmContainer

getExcludedDomainNames

java.lang.String[] getExcludedDomainNames()

Specifies a list of remote domains for which cross-domain check should not be applied.

Returns:

An array of Strings

setExcludedDomainNames

void setExcludedDomainNames(java.lang.String[] remoteDomains)

Specifies a list of remote domains for which cross-domain check should not be applied. Sets the list of remote domain names that are to be excluded from the cross-domain checks.

Parameters:

remoteDomains - Array of Strings of all the domain names to be excluded.

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

isCrossDomainSecurityEnabled

boolean isCrossDomainSecurityEnabled()

Indicates whether or not cross-domain security is enabled.

Returns:

returns a boolean value

Default Value:

false

setCrossDomainSecurityEnabled

void setCrossDomainSecurityEnabled(boolean enabled)

Turns on/off the cross-domain security.

Parameters:

enabled - indicate whether or not cross domain security is enabled via the use of credential mapper.

Default Value:

false

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

getCertRevoc

CertRevocMBean getCertRevoc()

Determines the domain's X509 certificate revocation checking configuration.

A CertRevocMBean is always associated with a domain's security configuration and cannot be changed, although CertRevocMBean attributes may be changed as documented.

Returns:

The associated CertRevocMBean.

isUseKSSForDemo

boolean isUseKSSForDemo()

Determines whether the Demo Identity and Demo Trust key stores should be obtained from the Oracle Key Store Service (KSS).

If enabled, Weblogic Server will request the Demo Identity and Domain Trust key stores from KSS. Subsequent to installation however, the KSS Demo key stores may have been manipulated such that appropriate Demo certificates or keys are not available.

Please verify the following KSS Demo Identity keystore has an X.509 private key and corresponding public identity certificate signed by the Demo Certificate Authority (CA):

KSS Stripe

system

KSS Key Store

demoidentity

KSS Private Key Alias

DemoIdentity

Please verify the following KSS Domain Trust keystore has a trusted Demo Certificate Authority X.509 certificate:

KSS Stripe

system

KSS Key Store

trust

See Also:

setUseKSSForDemo(boolean)

Default Value:

false

Changes to this property take effect after you redeploy the module or restart the server. If the resource is in a partition, restart the partition.

setUseKSSForDemo

void setUseKSSForDemo(boolean useKss)

Specifies that the Demo Identity and Demo Trust key stores should be obtained from the Oracle Key Store Service (KSS).

If enabled, Weblogic Server will request the Demo Identity and Domain Trust key stores from KSS. Subsequent to installation however, the KSS Demo key stores may have been manipulated such that appropriate Demo certificates or keys are not available.

Please verify the following KSS Demo Identity keystore has an X.509 private key and corresponding public identity certificate signed by the Demo Certificate Authority (CA):

KSS Stripe

system

KSS Key Store

demoidentity

KSS Private Key Alias

DemoIdentity

Please verify the following KSS Domain Trust keystore has a trusted Demo Certificate Authority X.509 certificate:

KSS Stripe

system

KSS Key Store

trust

Parameters:

useKss - true to use KSS for Demo key stores, otherwise false.

See Also:

isUseKSSForDemo()

getAdministrativeIdentityDomain

java.lang.String getAdministrativeIdentityDomain()

Domain's administrative identity domain.

Returns:

the administrative identity domain if identity domain is enabled.

Changes to this property take effect after you redeploy the module or restart the server. If the resource is in a partition, restart the partition.

setAdministrativeIdentityDomain

void setAdministrativeIdentityDomain(java.lang.String identityDomain)

Set this domain's administrative identity domain.

Parameters:

identityDomain - the administrative identity domain

isIdentityDomainAwareProvidersRequired

boolean isIdentityDomainAwareProvidersRequired()

Returns true if all role mapping, authorization, credential mapping, and audit providers configured in the domain must support the IdentityDomainAwareProviderMBean interface's administrative identity domain.

Returns:

true if all providers must support identity domains, false otherwise.

Default Value:

false

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setIdentityDomainAwareProvidersRequired

void setIdentityDomainAwareProvidersRequired(boolean requireIdentityDomain)

Set whether providers must support the IdentityDomainAwareProviderMBean interface.

Parameters:

requireIdentityDomain - true if providers must support identity domains, false otherwise

isIdentityDomainDefaultEnabled

boolean isIdentityDomainDefaultEnabled()

Returns true if identity domain values should be defaulted for the Administrative Identity Domain, Partition Primary Identity Domain, and Default Authenticator Identity Domain attributes.

Returns:

true if defaulting of identity domain values is enabled, false otherwise.

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setIdentityDomainDefaultEnabled

void setIdentityDomainDefaultEnabled(boolean enabled)

Set whether identity domain default values are enabled

Parameters:

enabled - true if defaulting of identity domain values is enabled, false otherwise.

getNonceTimeoutSeconds

int getNonceTimeoutSeconds()

Returns the value of the nonce timeout in seconds.

Returns:

number of seconds that the nonce is valid.

Default Value:

120

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

Minimum Value:

15

setNonceTimeoutSeconds

void setNonceTimeoutSeconds(int timeout)

Sets the value of the nonce timeout in seconds.

Parameters:

timeout - number of seconds that the nonce is valid.

getName

java.lang.String getName()

The user-specified name of this MBean instance.

This name is included as one of the key properties in the MBean's javax.management.ObjectName:

Name=user-specified-name

Specified by:

getName in interface ConfigurationMBean

Specified by:

getName in interface WebLogicMBean

isRemoteAnonymousJNDIEnabled

boolean isRemoteAnonymousJNDIEnabled()

Returns true if remote anonymous JNDI access is permitted for list and modify operations.

Returns:

true if remote anonymous access is allowed, false otherwise

Default Value:

true

Changes to this property take effect after you redeploy the module or restart the server. If the resource is in a partition, restart the partition.

setRemoteAnonymousJNDIEnabled

void setRemoteAnonymousJNDIEnabled(boolean permit)

Permits remote anonymous JNDI access.

Parameters:

permit - The new value.

See Also:

isRemoteAnonymousJNDIEnabled()

getBootAuthenticationRetryCount

int getBootAuthenticationRetryCount()

The maximum number of times the boot process will try to authenticate the boot user with the authentication providers. The authentication will be retried only if a failure occurs that indicates the login server is not available.

Returns:

The number of times the boot process will retry authentication.

Changes to this property take effect after you redeploy the module or restart the server. If the resource is in a partition, restart the partition.

Minimum Value:

0

setBootAuthenticationRetryCount

void setBootAuthenticationRetryCount(int count)

Parameters:

count -

Changes to this property take effect after you redeploy the module or restart the server. If the resource is in a partition, restart the partition.

Minimum Value:

0

getBootAuthenticationMaxRetryDelay

long getBootAuthenticationMaxRetryDelay()

The maximum length of time, in milliseconds, the boot process will wait before retrying the authentication after a login server not available exception. The boot process will use a backoff algorithm starting at 100 milliseconds increasing on each failure until the delay time reaches the MaxRetryDelay value.

Returns:

Delay time in milliseconds.

Default Value:

60000

Changes to this property take effect after you redeploy the module or restart the server. If the resource is in a partition, restart the partition.

setBootAuthenticationMaxRetryDelay

void setBootAuthenticationMaxRetryDelay(long millis)

Sets the boot authentication maximum retry delay time.

Default Value:

60000

Changes to this property take effect after you redeploy the module or restart the server. If the resource is in a partition, restart the partition.

isRemoteAnonymousRMIT3Enabled

boolean isRemoteAnonymousRMIT3Enabled()

Returns true if remote anonymous RMI access via T3 is permitted. If remote anonymous RMI access is not allowed, then client requests that do not specify a username / password may fail.

Returns:

true if remote anonymous RMI access via T3 is allowed, false otherwise

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setRemoteAnonymousRMIT3Enabled

void setRemoteAnonymousRMIT3Enabled(boolean permit)

Permits remote anonymous RMI access via T3.

Parameters:

permit - The new value.

See Also:

isRemoteAnonymousRMIT3Enabled()

isRemoteAnonymousRMIIIOPEnabled

boolean isRemoteAnonymousRMIIIOPEnabled()

Returns true if remote anonymous RMI access via IIOP is permitted. If remote anonymous RMI access is not allowed, then client requests that do not specify a username / password may fail.

Returns:

true if remote anonymous RMI access via IIOP is allowed, false otherwise

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setRemoteAnonymousRMIIIOPEnabled

void setRemoteAnonymousRMIIIOPEnabled(boolean permit)

Permits remote anonymous RMI access via IIOP.

Parameters:

permit - The new value.

See Also:

isRemoteAnonymousRMIIIOPEnabled()

getOutboundReferenceHostAllowList

java.lang.String getOutboundReferenceHostAllowList()

Returns a comma-separated list of hosts from which WebLogic Server may retrieve an object specified by a URL. This can prevent SSRF attacks that send a URL or IOR and expect WebLogic Server to try to resolve it. Defaults to '*", meaning no restrictions.

Default Value:

"*"

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setOutboundReferenceHostAllowList

void setOutboundReferenceHostAllowList(java.lang.String value)

Specifies a comma-separated list of hosts from which WebLogic Server may retrieve an object specified by a URL. An asterisk may be used at either the start or end of a host string to indicate that it is a prefix or suffix.

isCheckIdentityCertificates

boolean isCheckIdentityCertificates()

Returns true if identity certificates should be checked periodically for expiration.

Returns:

true if identity certificates should be checked, false otherwise

Default Value:

true

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setCheckIdentityCertificates

void setCheckIdentityCertificates(boolean check)

Sets the flag indicating that identity certificates should be checked.

Parameters:

check - true if identity certificates should be checked, false otherwise

See Also:

isCheckIdentityCertificates()

isCheckTrustCertificates

boolean isCheckTrustCertificates()

Returns true if trust certificates should be checked periodically for expiration.

Returns:

true if trust certificates should be checked, false otherwise

Default Value:

false

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setCheckTrustCertificates

void setCheckTrustCertificates(boolean check)

Sets the flag indicating that trust certificates should be checked.

Parameters:

check - true if trust certificates should be checked, false otherwise

See Also:

isCheckTrustCertificates()

getCheckCertificatesIntervalDays

int getCheckCertificatesIntervalDays()

Returns the interval between checks for certificate expiration.

Returns:

the interval between checks, in days

Default Value:

1

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

Minimum Value:

1

setCheckCertificatesIntervalDays

void setCheckCertificatesIntervalDays(int days)

Sets the interval between checks for certificate expiration.

Parameters:

days - the interval between checks, in days

See Also:

getCheckCertificatesIntervalDays()

getCheckCertificatesExpirationDays

int getCheckCertificatesExpirationDays()

Returns the number of days before certificate expiration that warnings should be issued.

Returns:

the number of days before certificate expiration

Default Value:

30

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

Minimum Value:

1

setCheckCertificatesExpirationDays

void setCheckCertificatesExpirationDays(int days)

Sets the number of days before certificate expiration that warnings should be issued.

Parameters:

days - the number of days before certificate expiration

See Also:

getCheckCertificatesExpirationDays()

isConnectionFilterIgnoreRuleErrorsEnabled

boolean isConnectionFilterIgnoreRuleErrorsEnabled()

Specifies whether the WebLogic Server should ignore filter rule errors during server startup.

Default Value:

false

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setConnectionFilterIgnoreRuleErrorsEnabled

void setConnectionFilterIgnoreRuleErrorsEnabled(boolean ignoreFilterRuleError)
                                         throws javax.management.InvalidAttributeValueException

Throws:

javax.management.InvalidAttributeValueException

isTwoWayTLSRequiredForAdminClients

boolean isTwoWayTLSRequiredForAdminClients()

Specifies whether the WebLogic Server domain should require 2 way TLS for admin clients.

Returns:

true if Two Way TLS is required, false otherwise.

Default Value:

false

Changes to this property are dynamic and thus take effect immediately without restarting the server or partition.

setTwoWayTLSRequiredForAdminClients

void setTwoWayTLSRequiredForAdminClients(boolean required)
                                  throws javax.management.InvalidAttributeValueException

Sets whether Two Way TLS is required for admin clients.

Parameters:

required - - true if Two Way TLS is required, false otherwise.

Throws:

javax.management.InvalidAttributeValueException

See Also:

isTwoWayTLSRequiredForAdminClients()

isCrossDomainSecurityCacheEnabled

boolean isCrossDomainSecurityCacheEnabled()

Returns whether the Cross Domain Security subject cache is enabled.

Default Value:

false

Changes to this property take effect after you redeploy the module or restart the server. If the resource is in a partition, restart the partition.

setCrossDomainSecurityCacheEnabled

void setCrossDomainSecurityCacheEnabled(boolean enabled)
                                 throws javax.management.InvalidAttributeValueException

Specifies whether to enable the Local Domain Security subject cache.

Parameters:

enabled -

Throws:

javax.management.InvalidAttributeValueException

See Also:

isCrossDomainSecurityCacheEnabled()

getCrossDomainSecurityCacheTTL

int getCrossDomainSecurityCacheTTL()

Returns the time-to-live (TTL), in seconds, of the Cross Domain Security subject cache. This value is used only if CrossDomainSecurityCacheEnabled is set to true.

Default Value:

300

Changes to this property take effect after you redeploy the module or restart the server. If the resource is in a partition, restart the partition.

Minimum Value:

0

setCrossDomainSecurityCacheTTL

void setCrossDomainSecurityCacheTTL(int seconds)
                             throws javax.management.InvalidAttributeValueException

Specifies the time-to-live (TTL), in seconds, of the Cross Domain Security subject cache.

Parameters:

seconds - The Cross Domain Security subject cache TTL in seconds

Throws:

javax.management.InvalidAttributeValueException

See Also:

getCrossDomainSecurityCacheTTL()