1. RESTful Edit Management Interface for Oracle WebLogic Server
  2. Tasks
  3. Realm

Create A New Realm

post

/management/weblogic/{version}/edit/securityConfiguration/realms

Add a new realm to this collection.

Request

Supported Media Types
Path Parameters
Header Parameters
  • The 'X-Requested-By' header is used to protect against Cross-Site Request Forgery (CSRF) attacks. The value is an arbitrary name such as 'MyClient'.
Body ()

Must contain a populated realm model.

Root Schema : Realm
Type: object
Show Source
  • Items
    Title: Items
    Read Only: true

    Returns the types of Adjudication providers that may be created in this security realm, for example, weblogic.security.providers.authorization.DefaultAdjudicator. Use this method to find the available types to pass to createAdjudicator

  • Items
    Title: Items
    Read Only: true

    Returns the types of Auditing providers that may be created in this security realm, for example, weblogic.security.providers.audit.DefaultAuditor. Use this method to find the available types to pass to createAuditor

  • Items
    Title: Items
    Read Only: true

    Returns the types of Authentication providers that may be created in this security realm, for example, weblogic.security.providers.authentication.DefaultAuthenticator. Use this method to find the available types to pass to createAuthenticationProvider

  • Returns a comma separated string of authentication methods that should be used when the Web application specifies "REALM" as its auth-method. The authentication methods will be applied in order in which they appear in the list.

  • Items
    Title: Items
    Read Only: true

    Returns the types of Authorization providers that may be created in this security realm, for example, weblogic.security.providers.authorization.DefaultAuthorizer. Use this method to find the available types to pass to createAuthorizer

  • Specifies whether the Realm will be auto-restarted if non-dynamic changes are made to the realm or providers within the realm.

  • Cert Path Builder Reference
    Title: Cert Path Builder Reference
    Contains the cert path builder reference.

    Returns the CertPath Builder provider in this security realm that will be used by the security system to build certification paths. Returns null if none has been selected. The provider will be one of this security realm's CertPathProviders

    Constraints

    • restart required
  • Items
    Title: Items
    Read Only: true

    Returns the types of Certification Path providers that may be created in this security realm, for example, weblogic.security.providers.pk.WebLogicCertPathProvider. Use this method to find the available types to pass to createCertPathProvider

  • Default Value: true

    Determines how the role mappings in the Enterprise Application, Web application, and EJB containers interact. This setting is valid only for Web applications and EJBs that use the Advanced security model and that initialize roles from deployment descriptors.

    When enabled:

    • Application role mappings are combined with EJB and Web application mappings so that all principal mappings are included. The Security Service combines the role mappings with a logical OR operator.

    • If one or more policies in the web.xml file specify a role for which no mapping exists in the weblogic.xml file, the Web application container creates an empty map for the undefined role (that is, the role is explicitly defined as containing no principal). Therefore, no one can access URL patterns that are secured by such policies.

    • If one or more policies in the ejb-jar.xml file specify a role for which no mapping exists in the weblogic-ejb-jar.xml file, the EJB container creates an empty map for the undefined role (that is, the role is explicitly defined as containing no principal). Therefore, no one can access methods that are secured by such policies.

    When disabled:

    • Role mappings for each container are exclusive to other containers unless defined by the descriptor element.

    • If one or more policies in the web.xml file specify a role for which no role mapping exists in the weblogic.xml file, the Web application container assumes that the undefined role is the name of a principal. It therefore maps the assumed principal to the role name. For example, if the web.xml file contains the following stanza in one of its policies:


      PrivilegedUser

      but, if the weblogic.xml file has no role mapping for PrivilegedUser, then the Web application container creates an in-memory mapping that is equivalent to the following stanza:


      PrivilegedUser
      PrivilegedUser

    • Role mappings for EJB methods must be defined in the weblogic-ejb-jar.xml file. Role mappings defined in the other containers are not used unless defined by the descriptor element.

    Note:

    For all applications previously deployed in version 8.1 and upgraded to version 9.x, the combining role mapping is disabled by default.

  • Items
    Title: Items
    Read Only: true

    Returns the types of Credential Mapping providers that may be created in this security realm, for example, weblogic.security.providers.credentials.DefaultCredentialMapper. Use this method to find the available types to pass to createCredentialMapper

  • Default Value: false

    Configures the WebLogic Server MBean servers to use the security realm's Authorization providers to determine whether a JMX client has permission to access an MBean attribute or invoke an MBean operation.

    You can continue to use WebLogic Server's default security settings or modify the defaults to suit your needs.

    If you do not delegate authorization to the realm's Authorization providers, the WebLogic MBean servers allow access only to the four default security roles (Admin, Deployer, Operator, and Monitor) and only as specified by WebLogic Server's default security settings.

    Constraints

    • secure default : true
  • Default Value: false

    Specifies whether synchronization for deployable Authorization and Role Mapping providers is enabled.

    The Authorization and Role Mapping providers may or may not support parallel security policy and role modification, respectively, in the security provider database. If the security providers do not support parallel modification, the WebLogic Security Framework enforces a synchronization mechanism that results in each application and module being placed in a queue and deployed sequentially.

  • Default Value: 60000

    Returns the timeout value, in milliseconds, for the deployable security provider synchronization operation. This value is only used if DeployableProviderSynchronizationEnabled is set to true

  • Default Value: true

    Returns whether the WebLogic Principal Validator caching is enabled.

    The Principal Validator is used by Oracle supplied authentication providers and may be used by custom authentication providers. If enabled, the default principal validator will cache WebLogic Principal signatures.

  • Default Value: true

    Returns whether the Identity Assertion cache is enabled.

  • Minimum Value: 0
    Default Value: 300

    Returns the time-to-live (TTL), in seconds, of the Identity Assertion cache. This value is used only if IdentityAssertionCacheEnabled is set to true

  • Items
    Title: Items

    Returns the names of the ContextElements that are not stored in the Identity Assertion cache because these elements are present in the ContextHandler of the requests. This value is used only if IdentityAssertionCacheEnabled is set to true

  • Items
    Title: Items

    Obtain an ordered list of token type names used for Identity Assertion with HTTP request headers.

    The list determines the precedence order when multiple HTTP headers are present in an HTTP request based on the list of active token types maintained on the configured Authentication providers.

  • Sets the Management Identity Domain value for the realm.

  • Default Value: 500

    Returns the maximum size of the LRU cache for holding WebLogic Principal signatures. This value is only used if EnableWebLogicPrincipalValidatorCache is set to true

  • Read Only: true
    Default Value: Realm

    The name of this configuration. WebLogic Server uses an MBean to implement and persist the configuration.

  • Items
    Title: Items
    Read Only: true

    Returns the types of Password Validator providers that may be created in this security realm, for example, com.bea.security.providers.authentication.passwordvalidator.SystemPasswordValidator. Use this method to find the available types to pass to createPasswordValidator

  • Minimum Value: 1
    Default Value: 60

    Specifies the retire timeout for a realm that is restarted. The old realm will be shutdown after the specified timeout period has elapsed.

  • Items
    Title: Items
    Read Only: true

    Returns the types of Role Mapping providers that may be created in this security realm, for example, weblogic.security.providers.authorization.DefaultRoleMapper. Use this method to find the available types to pass to createRoleMapper

  • Default Value: DDOnly
    Allowed Values: [ "DDOnly", "CustomRoles", "CustomRolesAndPolicies", "Advanced" ]

    Specifies the default security model for Web applications or EJBs that are secured by this security realm. You can override this default during deployment.

    Note: If you deploy a module by modifying the domain's config.xml file and restarting the server, and if you do not specify a security model value for the module in config.xml, the module is secured with the default value of the AppDeploymentMBean SecurityDDModel attribute (see weblogic.management.configuration.AppDeploymentMBean#getSecurityDDModel() getSecurityDDModel).

    Choose one of these security models:

    • Deployment Descriptors Only (DDOnly)

      • For EJBs and URL patterns, this model uses only the roles and policies in the J2EE deployment descriptors (DD); the Administration Console allows only read access for this data. With this model, EJBs and URL patterns are not protected by roles and policies of a broader scope (such as a policy scoped to an entire Web application). If an EJB or URL pattern is not protected by a role or policy in the DD, then it is unprotected: anyone can access it.

      • For application-scoped roles in an EAR, this model uses only the roles defined in the WebLogic Server DD; the Administration Console allows only read access for this data. If the WebLogic Server DD does not define roles, then there will be no such scoped roles defined for this EAR.

      • For all other types of resources, you can use the Administration Console to create roles or policies. For example, with this model, you can use the Administration Console to create application-scoped policies for an EAR.

      • Applies for the life of the deployment. If you want to use a different model, you must delete the deployment and reinstall it.

    • Customize Roles Only (CustomRoles)

      • For EJBs and URL patterns, this model uses only the policies in the J2EE deployment descriptors (DD). EJBs and URL patterns are not protected by policies of a broader scope (such as a policy scoped to an entire Web application). This model ignores any roles defined in the DDs; an administrator completes the role mappings using the Administration Console.

      • For all other types of resources, you can use the Administration Console to create roles or policies. For example, with this model, you can use the Administration Console to create application-scoped policies or roles for an EAR.

      • Applies for the life of the deployment. If you want to use a different model, you must delete the deployment and reinstall it.

    • Customize Roles and Policies (CustomRolesAndPolicies)

      • Ignores any roles and policies defined in deployment descriptors. An administrator uses the Administration Console to secure the resources.

      • Performs security checks for all URLs or EJB methods in the module.

      • Applies for the life of the deployment. If you want to use a different model, you must delete the deployment and reinstall it.

    • Advanced (Advanced)

      You configure how this model behaves by setting values for the following options:

      • When Deploying Web Applications or EJBs

        Note: When using the WebLogic Scripting Tool or JMX APIs, there is no single MBean attribute for this setting. Instead, you must set the values for the DeployPolicyIgnored and DeployRoleIgnored attributes of RealmMBean

      • Check Roles and Policies (FullyDelegateAuthorization)

      • Combined Role Mapping Enabled (CombinedRoleMappingEnabled)

      You can change the configuration of this model. Any changes immediately apply to all modules that use the Advanced model. For example, you can specify that all modules using this model will copy roles and policies from their deployment descriptors into the appropriate provider databases upon deployment. After you deploy all of your modules, you can change this behavior to ignore roles and policies in deployment descriptors so that when you redeploy modules they will not re-copy roles and policies.

      Note: Prior to WebLogic Server version 9.0 the Advanced model was the only security model available. Use this model if you want to continue to secure EJBs and Web Applications as in releases prior to 9.0.

  • Default Value: false

    Not used in this release.

Nested Schema : Items
Type: array
Title: Items
Read Only: true

Returns the types of Adjudication providers that may be created in this security realm, for example, weblogic.security.providers.authorization.DefaultAdjudicator. Use this method to find the available types to pass to createAdjudicator

Show Source
Nested Schema : Items
Type: array
Title: Items
Read Only: true

Returns the types of Auditing providers that may be created in this security realm, for example, weblogic.security.providers.audit.DefaultAuditor. Use this method to find the available types to pass to createAuditor

Show Source
Nested Schema : Items
Type: array
Title: Items
Read Only: true

Returns the types of Authentication providers that may be created in this security realm, for example, weblogic.security.providers.authentication.DefaultAuthenticator. Use this method to find the available types to pass to createAuthenticationProvider

Show Source
Nested Schema : Items
Type: array
Title: Items
Read Only: true

Returns the types of Authorization providers that may be created in this security realm, for example, weblogic.security.providers.authorization.DefaultAuthorizer. Use this method to find the available types to pass to createAuthorizer

Show Source
Nested Schema : Cert Path Builder Reference
Type: array
Title: Cert Path Builder Reference
Contains the cert path builder reference.

Returns the CertPath Builder provider in this security realm that will be used by the security system to build certification paths. Returns null if none has been selected. The provider will be one of this security realm's CertPathProviders

Constraints

  • restart required
Show Source
Nested Schema : Items
Type: array
Title: Items
Read Only: true

Returns the types of Certification Path providers that may be created in this security realm, for example, weblogic.security.providers.pk.WebLogicCertPathProvider. Use this method to find the available types to pass to createCertPathProvider

Show Source
Nested Schema : Items
Type: array
Title: Items
Read Only: true

Returns the types of Credential Mapping providers that may be created in this security realm, for example, weblogic.security.providers.credentials.DefaultCredentialMapper. Use this method to find the available types to pass to createCredentialMapper

Show Source
Nested Schema : Items
Type: array
Title: Items

Returns the names of the ContextElements that are not stored in the Identity Assertion cache because these elements are present in the ContextHandler of the requests. This value is used only if IdentityAssertionCacheEnabled is set to true

Show Source
Nested Schema : Items
Type: array
Title: Items

Obtain an ordered list of token type names used for Identity Assertion with HTTP request headers.

The list determines the precedence order when multiple HTTP headers are present in an HTTP request based on the list of active token types maintained on the configured Authentication providers.

Default Value: oracle.doceng.json.BetterJsonNull@18848a43
Show Source
Nested Schema : Items
Type: array
Title: Items
Read Only: true

Returns the types of Password Validator providers that may be created in this security realm, for example, com.bea.security.providers.authentication.passwordvalidator.SystemPasswordValidator. Use this method to find the available types to pass to createPasswordValidator

Show Source
Nested Schema : Items
Type: array
Title: Items
Read Only: true

Returns the types of Role Mapping providers that may be created in this security realm, for example, weblogic.security.providers.authorization.DefaultRoleMapper. Use this method to find the available types to pass to createRoleMapper

Show Source
Security
  • Type: basic
    Description: A user in the Admin security role.
Back to Top

Response

201 Response

Back to Top