Skip navigation links

weblogic.management.configuration
Interface SecurityConfigurationMBean

All Superinterfaces:

ConfigurationMBean, DescriptorBean, DynamicMBean, MBeanRegistration, NotificationBroadcaster, RealmContainer, SettableBean, WebLogicMBean

public interface SecurityConfigurationMBean

extends ConfigurationMBean, RealmContainer

Provides domain-wide security configuration information.

Since:

7.0.0.0

Field Summary

Fields inherited from interface weblogic.management.configuration.ConfigurationMBean

DEFAULT_EMPTY_BYTE_ARRAY

Method Summary

abstract RealmMBean	createRealm() Creates a realm.
abstract RealmMBean	createRealm(String name) Creates a realm.
abstract void	destroyRealm(RealmMBean realm) Destroys a realm.
abstract RealmMBean	findDefaultRealm() Deprecated. 9.0.0.0 Replaced by SecurityConfigurationMBean.getDefaultRealm()
abstract RealmMBean	findRealm(String realmDisplayName) Deprecated. 9.0.0.0 Replaced by SecurityConfigurationMBean.lookupRealm(java.lang.String)
abstract RealmMBean[]	findRealms() Deprecated. 9.0.0.0 Replaced by SecurityConfigurationMBean.getRealms()
abstract byte[]	generateCredential() Generates a new encrypted byte array which can be use when calling #setCredentialEncrypted
abstract String	getAdministrativeIdentityDomain() Domain's administrative identity domain.
abstract CertRevocMBean	getCertRevoc() Determines the domain's X509 certificate revocation checking configuration.
abstract boolean	getCompatibilityConnectionFiltersEnabled() Specifies whether this WebLogic Server domain enables compatiblity with previous connection filters.
abstract String	getConnectionFilter() The name of the Java class that implements a connection filter (that is, the weblogic.security.net.ConnectionFilter interface).
abstract String[]	getConnectionFilterRules() The rules used by any connection filter that implements the ConnectionFilterRulesListener interface.
abstract boolean	getConnectionLoggerEnabled() Specifies whether this WebLogic Server domain should log accepted connections.
abstract RealmMBean	getDefaultRealm() Returns the default security realm or null if no realm has been selected as the default security realm.
abstract RealmMBean	getDefaultRealmInternal()
abstract boolean	getDowngradeUntrustedPrincipals() Whether or not to downgrade to anonymous principals that cannot be verified.
abstract boolean	getEnforceStrictURLPattern() Whether or not the system should enforce strict URL pattern or not.
abstract boolean	getEnforceValidBasicAuthCredentials() Whether or not the system should allow requests with invalid Basic Authentication credentials to access unsecure resources.
abstract String[]	getExcludedDomainNames() Specifies a list of remote domains for which cross-domain check should not be applied.
abstract JASPICMBean	getJASPIC() Creates a Jaspic MBean from which AuthConfigProviders can be created and configured.
abstract String	getNodeManagerPassword() The password that the Administration Server uses to communicate with Node Manager when starting, stopping, or restarting Managed Servers.
abstract byte[]	getNodeManagerPasswordEncrypted() The password that the Administration Server passes to a Node Manager when it instructs the Node Manager to start, stop, or restart Managed Servers.
abstract String	getNodeManagerUsername() The user name that the Administration Server uses to communicate with Node Manager when starting, stopping, or restarting Managed Servers.
abstract int	getNonceTimeoutSeconds() Returns the value of the nonce timeout in seconds.
abstract RealmMBean[]	getRealms() Returns all the realms in the domain.
abstract String	getWebAppFilesCaseInsensitive() This property defines the case sensitive URL-pattern matching behavior for security constraints, servlets, filters, virtual-hosts, and so on, in the Web application container and external security policies.
abstract boolean	isAnonymousAdminLookupEnabled() Deprecated. 12.2.1.0
abstract boolean	isClearTextCredentialAccessEnabled() Returns true if allow access to credential in clear text.
abstract boolean	isConsoleFullDelegationEnabled() Indicates whether the console is enabled for fully delegate authorization.
abstract boolean	isCrossDomainSecurityEnabled() Indicates whether or not cross-domain security is enabled.
abstract boolean	isIdentityDomainAwareProvidersRequired() Returns true if all role mapping, authorization, credential mapping, and audit providers configured in the domain must support the IdentityDomainAwareProviderMBean interface's administrative identity domain.
abstract boolean	isIdentityDomainDefaultEnabled() Returns true if identity domain values should be defaulted for the Administrative Identity Domain, Partition Primary Identity Domain, and Default Authenticator Identity Domain attributes.
abstract boolean	isPrincipalEqualsCaseInsensitive() Specifies whether the WebLogic Server principal name is compared using a case insensitive match when the equals method for the principal object is performed.
abstract boolean	isPrincipalEqualsCompareDnAndGuid() Specifies whether the GUID and DN data in a WebLogic Server principal object are used when the equals method of that object is invoked.
abstract boolean	isUseKSSForDemo() Determines whether the Demo Identity and Demo Trust key stores should be obtained from the Oracle Key Store Service (KSS).
abstract RealmMBean	lookupRealm(String name) Finds a realm given it's name.
abstract void	setAdministrativeIdentityDomain(String identityDomain) Set this domain's administrative identity domain.
abstract void	setAnonymousAdminLookupEnabled(boolean permit) Permits anonymous JNDI access to get the Admin MBean home.
abstract void	setClearTextCredentialAccessEnabled(boolean enabled) Allow access to clear-text password.
abstract void	setCompatibilityConnectionFiltersEnabled(boolean compatibility)
abstract void	setConnectionFilter(String filter)
abstract void	setConnectionFilterRules(String[] filterList)
abstract void	setConnectionLoggerEnabled(boolean logging)
abstract void	setConsoleFullDelegationEnabled(boolean enabled) Enables the console to operate with fully delegate authorization.
abstract void	setCredential(String credential) As of 8.1 sp4, this method does the following:
abstract void	setCredentialEncrypted(byte[] bytes) Encrypts and sets the value of the CredentialEncrypted attribute.
abstract void	setCrossDomainSecurityEnabled(boolean enabled) Turns on/off the cross-domain security.
abstract void	setDefaultRealm(RealmMBean defaultRealm) Sets the default security realm.
abstract void	setDefaultRealmInternal(RealmMBean def)
abstract void	setDowngradeUntrustedPrincipals(boolean downgrade)
abstract void	setEnforceStrictURLPattern(boolean enforceStrictURLPattern)
abstract void	setEnforceValidBasicAuthCredentials(boolean allow)
abstract void	setExcludedDomainNames(String[] remoteDomains) Specifies a list of remote domains for which cross-domain check should not be applied.
abstract void	setIdentityDomainAwareProvidersRequired(boolean requireIdentityDomain) Set whether providers must support the IdentityDomainAwareProviderMBean interface.
abstract void	setIdentityDomainDefaultEnabled(boolean enabled) Set whether identity domain default values are enabled
abstract void	setNodeManagerPassword(String password) Sets the value of the NodeManagerPassword attribute.
abstract void	setNodeManagerPasswordEncrypted(byte[] bytes) Sets the value of the NodeManagerPassword attribute.
abstract void	setNodeManagerUsername(String username) Sets the node manager username for the domain.
abstract void	setNonceTimeoutSeconds(int timeout) Sets the value of the nonce timeout in seconds.
abstract void	setPrincipalEqualsCaseInsensitive(boolean principalEqualsCaseInsensitive) Sets the value of the PrincipalEqualsCaseInsensitive attribute.
abstract void	setPrincipalEqualsCompareDnAndGuid(boolean principalEqualsCompareDnAndGuid) Sets the value of the UseGUIDandDNinEqual attribute.
abstract void	setUseKSSForDemo(boolean useKss) Specifies that the Demo Identity and Demo Trust key stores should be obtained from the Oracle Key Store Service (KSS).
abstract void	setWebAppFilesCaseInsensitive(String caseInsensitive) Sets the value for the WebAppFilesCaseInsensitive.

Methods inherited from interface weblogic.management.configuration.ConfigurationMBean

freezeCurrentValue, getId, getInheritedProperties, getName, getNotes, isDynamicallyCreated, isInherited, isSet, restoreDefaultValue, setComments, setDefaultedMBean, setName, setNotes, setPersistenceEnabled, unSet

Methods inherited from interface weblogic.management.WebLogicMBean

getMBeanInfo, getObjectName, getParent, getType, isCachingDisabled, isRegistered, setParent

Methods inherited from interface javax.management.DynamicMBean

getAttribute, getAttributes, invoke, setAttribute, setAttributes

Methods inherited from interface javax.management.MBeanRegistration

postDeregister, postRegister, preDeregister, preRegister

Methods inherited from interface javax.management.NotificationBroadcaster

addNotificationListener, getNotificationInfo, removeNotificationListener

Methods inherited from interface weblogic.descriptor.DescriptorBean

addPropertyChangeListener, createChildCopyIncludingObsolete, getParentBean, isEditable, removePropertyChangeListener

Method Detail

getJASPIC

JASPICMBean getJASPIC()

Creates a Jaspic MBean from which AuthConfigProviders can be created and configured.

createRealm

RealmMBean createRealm(String name)
                       throws JMException

Creates a realm.

Parameters:

name - - The name of this realm, for example, myrealm

Throws:

JMException

createRealm

RealmMBean createRealm()
                       throws JMException

Creates a realm. among all realms in the domain. If the name can be converted to a JMX object name, then it is used as the provider's JMX object name. The encouraged convention is: "Security:Name=realmDisplayName". For example: "Security:Name=myrealm". that will be displayed in the console).

Throws:

JMException

destroyRealm

void destroyRealm(RealmMBean realm)

Destroys a realm. This does not destroy its providers or its user lockout manager.

Parameters:

realm -

getRealms

RealmMBean[] getRealms()

Returns all the realms in the domain.

lookupRealm

RealmMBean lookupRealm(String name)

Finds a realm given it's name. The name is often its JMX object name (e.g. Security:Name=myrealm)

Parameters:

realm -

findRealms

RealmMBean[] findRealms()

Deprecated. 9.0.0.0 Replaced by SecurityConfigurationMBean.getRealms()

Returns all the realms in the domain.

findDefaultRealm

RealmMBean findDefaultRealm()

Deprecated. 9.0.0.0 Replaced by SecurityConfigurationMBean.getDefaultRealm()

Finds the default security realm. Returns null if a default security realm is not defined.

findRealm

RealmMBean findRealm(String realmDisplayName)

Deprecated. 9.0.0.0 Replaced by SecurityConfigurationMBean.lookupRealm(java.lang.String)

Finds a realm by name (that is, by the display name of the realm). Returns null no realm with that name has been defined. Throws a configuration error if there are multiple matches.

Parameters:

realmDisplayName - A String containing the realm's display name.

getDefaultRealm

RealmMBean getDefaultRealm()

Returns the default security realm or null if no realm has been selected as the default security realm.

setDefaultRealm

void setDefaultRealm(RealmMBean defaultRealm)
                     throws InvalidAttributeValueException

Sets the default security realm.

Parameters:

defaultRealm - The new default realm. Use null to specify that there is no default realm.

Throws:

InvalidAttributeValueException

isAnonymousAdminLookupEnabled

boolean isAnonymousAdminLookupEnabled()

Deprecated. 12.2.1.0

Returns true if anonymous JNDI access for Admin MBean home is permitted. This is overridden by the Java property -Dweblogic.management.anonymousAdminLookupEnabled.

Returns:

true if anonymous access is allowed, false otherwise

setAnonymousAdminLookupEnabled

void setAnonymousAdminLookupEnabled(boolean permit)

Permits anonymous JNDI access to get the Admin MBean home.

Parameters:

permit - The new value.

See Also:

SecurityConfigurationMBean.isAnonymousAdminLookupEnabled()

isClearTextCredentialAccessEnabled

boolean isClearTextCredentialAccessEnabled()

Returns true if allow access to credential in clear text. This can be overridden by the system property -Dweblogic.management.clearTextCredentialAccessEnabled

Returns:

true if allow access to clear-text password, false otherwise

setClearTextCredentialAccessEnabled

void setClearTextCredentialAccessEnabled(boolean enabled)

Allow access to clear-text password.

Parameters:

enabled - The new value.

See Also:

SecurityConfigurationMBean.isClearTextCredentialAccessEnabled()

generateCredential

byte[] generateCredential()

Generates a new encrypted byte array which can be use when calling #setCredentialEncrypted

Returns:

a new encrypted byte array suitable for use as a domain credential.

setCredential

void setCredential(String credential)
                   throws InvalidAttributeValueException

As of 8.1 sp4, this method does the following:

1. Encrypts the parameter value.
2. Sets the value of the CredentialEncrypted attribute to the encrypted parameter value.

Parameters:

credential - The new credential value

Throws:

InvalidAttributeValueException

See Also:

SecurityConfigurationMBean.getCredential(), SecurityConfigurationMBean.setCredentialEncrypted(byte[] bytes)

setCredentialEncrypted

void setCredentialEncrypted(byte[] bytes)
                            throws InvalidAttributeValueException

Encrypts and sets the value of the CredentialEncrypted attribute.

Parameters:

bytes - The new credential value as a byte array.

Throws:

InvalidAttributeValueException

See Also:

SecurityConfigurationMBean.getCredentialEncrypted()

getWebAppFilesCaseInsensitive

String getWebAppFilesCaseInsensitive()

This property defines the case sensitive URL-pattern matching behavior for security constraints, servlets, filters, virtual-hosts, and so on, in the Web application container and external security policies. Note: This is a Windows-only flag that is provided for backward compatibility when upgrading from pre-9.0 versions of WebLogic Server. On Unix platforms, setting this value to true causes undesired behavior and is not supported. When the value is set to os, the pattern matching will be case- sensitive on all platforms except the Windows file system. Note that on non-Windows file systems, WebLogic Server does not enforce case sensitivity and relies on the file system for optimization. As a result, if you have a Windows Samba mount from Unix or Mac OS that has been installed in case-insensitive mode, there is a chance of a security risk. If so, specify case-insensitive lookups by setting this attribute to true. Note also that this property is used to preserve backward compatibility on Windows file systems only. In prior releases, WebLogic Server was case- insensitive on Windows. As of WebLogic Server 9.0, URL-pattern matching is strictly enforced. During the upgrade of older domains, the value of this parameter is explicitly set to os by the upgrade plug-in to preserve backward compatibility.

setWebAppFilesCaseInsensitive

void setWebAppFilesCaseInsensitive(String caseInsensitive)
                                   throws InvalidAttributeValueException

Sets the value for the WebAppFilesCaseInsensitive.

Parameters:

caseInsensitive - The new value caseInsensitive.

Throws:

InvalidAttributeValueException

See Also:

SecurityConfigurationMBean.getWebAppFilesCaseInsensitive()

getConnectionFilter

String getConnectionFilter()

The name of the Java class that implements a connection filter (that is, the weblogic.security.net.ConnectionFilter interface). If no class name is specified, no connection filter will be used.

This attribute replaces the deprecated ConnectionFilter attribute on the SecurityMBean.

Since:

9.0.0.0

setConnectionFilter

void setConnectionFilter(String filter)
                         throws InvalidAttributeValueException

Throws:

InvalidAttributeValueException

getConnectionFilterRules

String[] getConnectionFilterRules()

The rules used by any connection filter that implements the ConnectionFilterRulesListener interface. When using the default implementation and when no rules are specified, all connections are accepted. The default implementation rules are in the format: target localAddress localPort action protocols.

This attribute replaces the deprecated ConnectionFilterRules attribute on the SecurityMBean.

Since:

9.0.0.0

setConnectionFilterRules

void setConnectionFilterRules(String[] filterList)

getConnectionLoggerEnabled

boolean getConnectionLoggerEnabled()

Specifies whether this WebLogic Server domain should log accepted connections.

This attribute can be used by a system administrator to dynamically check the incoming connections in the log file to determine if filtering needs to be performed.

This attribute replaces the deprecated ConnectionLoggerEnabled attribute on the SecurityMBean.

Since:

9.0.0.0

setConnectionLoggerEnabled

void setConnectionLoggerEnabled(boolean logging)
                                throws InvalidAttributeValueException

Throws:

InvalidAttributeValueException

getCompatibilityConnectionFiltersEnabled

boolean getCompatibilityConnectionFiltersEnabled()

Specifies whether this WebLogic Server domain enables compatiblity with previous connection filters.

This attribute changes the protocols names used when filtering needs to be performed.

Since:

9.0.0.0

setCompatibilityConnectionFiltersEnabled

void setCompatibilityConnectionFiltersEnabled(boolean compatibility)
                                              throws InvalidAttributeValueException

Throws:

InvalidAttributeValueException

getNodeManagerUsername

String getNodeManagerUsername()

The user name that the Administration Server uses to communicate with Node Manager when starting, stopping, or restarting Managed Servers.

Returns:

the username value

Since:

9.0.0.0

setNodeManagerUsername

void setNodeManagerUsername(String username)

Sets the node manager username for the domain.

Parameters:

username - the new username value

Since:

9.0.0.0

See Also:

SecurityConfigurationMBean.getNodeManagerUsername()

getNodeManagerPassword

String getNodeManagerPassword()

The password that the Administration Server uses to communicate with Node Manager when starting, stopping, or restarting Managed Servers.

When you get the value of this attribute, WebLogic Server does the following:

1. Retrieves the value of the NodeManagerPasswordEncrypted attribute.
2. Decrypts the value and returns the unencrypted password as a String.

When you set the value of this attribute, WebLogic Server does the following:

1. Encrypts the value.
2. Sets the value of the NodeManagerPasswordEncrypted attribute to the encrypted value.

Using this attribute (NodeManagerPassword) is a potential security risk because the String object (which contains the unencrypted password) remains in the JVM's memory until garbage collection removes it and the memory is reallocated. Depending on how memory is allocated in the JVM, a significant amount of time could pass before this unencrypted data is removed from memory.

Instead of using this attribute, you should use NodeManagerPasswordEncrypted.

Returns:

the password value

Since:

9.0.0.0

See Also:

SecurityConfigurationMBean.getNodeManagerPasswordEncrypted()

setNodeManagerPassword

void setNodeManagerPassword(String password)

Sets the value of the NodeManagerPassword attribute.

Parameters:

password - the new password value

Since:

9.0.0.0

See Also:

SecurityConfigurationMBean.getNodeManagerPassword(), SecurityConfigurationMBean.setNodeManagerPasswordEncrypted(byte[])

getNodeManagerPasswordEncrypted

byte[] getNodeManagerPasswordEncrypted()

The password that the Administration Server passes to a Node Manager when it instructs the Node Manager to start, stop, or restart Managed Servers.

To set this attribute, use weblogic.management.EncryptionHelper.encrypt() to encrypt the value. Then set this attribute to the output of the encrypt() method.

To compare a password that a user enters with the encrypted value of this attribute, go to the same WebLogic Server instance that you used to set and encrypt this attribute and use weblogic.management.EncryptionHelper.encrypt() to encrypt the user-supplied password. Then compare the encrypted values.

Returns:

the password value

Since:

9.0.0.0

setNodeManagerPasswordEncrypted

void setNodeManagerPasswordEncrypted(byte[] bytes)

Sets the value of the NodeManagerPassword attribute.

Parameters:

bytes - the new password value

Since:

9.0.0.0

See Also:

SecurityConfigurationMBean.getNodeManagerPasswordEncrypted()

isPrincipalEqualsCaseInsensitive

boolean isPrincipalEqualsCaseInsensitive()

Specifies whether the WebLogic Server principal name is compared using a case insensitive match when the equals method for the principal object is performed.

If this attribute is enabled, matches are case insensitive.

Note: Note that principal comparison is not used by the WebLogic Security Service to determine access to protected resources. This attribute is intended for use with JAAS authorization, which may require case insensitive principal matching behavior.

Returns:

true if use case insensitive match, false otherwise

setPrincipalEqualsCaseInsensitive

void setPrincipalEqualsCaseInsensitive(boolean principalEqualsCaseInsensitive)

Sets the value of the PrincipalEqualsCaseInsensitive attribute.

Parameters:

principalEqualsCaseInsensitive -

See Also:

SecurityConfigurationMBean.isPrincipalEqualsCaseInsensitive()

isPrincipalEqualsCompareDnAndGuid

boolean isPrincipalEqualsCompareDnAndGuid()

Specifies whether the GUID and DN data in a WebLogic Server principal object are used when the equals method of that object is invoked.

If enabled, the GUID and DN data (if included among the attributes in a WebLogic Server principal object) and the principal name are compared when this method is invoked.

Returns:

true if use guid and dn in equal compararison, false otherwise

setPrincipalEqualsCompareDnAndGuid

void setPrincipalEqualsCompareDnAndGuid(boolean principalEqualsCompareDnAndGuid)

Sets the value of the UseGUIDandDNinEqual attribute.

Parameters:

principalEqualsCompareDnAndGuid -

See Also:

SecurityConfigurationMBean.isPrincipalEqualsCompareDnAndGuid()

getDowngradeUntrustedPrincipals

boolean getDowngradeUntrustedPrincipals()

Whether or not to downgrade to anonymous principals that cannot be verified. This is useful for server-server communication between untrusted domains.

Returns:

the DowngradeUntrustedPrincipals value

Since:

9.0.0.0

setDowngradeUntrustedPrincipals

void setDowngradeUntrustedPrincipals(boolean downgrade)

Parameters:

downgrade - the new DowngradeUntrustedPrincipals value

See Also:

SecurityConfigurationMBean.getDowngradeUntrustedPrincipals()

getEnforceStrictURLPattern

boolean getEnforceStrictURLPattern()

Whether or not the system should enforce strict URL pattern or not.

Returns:

the EnforceStrictURLPattern value

Since:

9.0.0.0

setEnforceStrictURLPattern

void setEnforceStrictURLPattern(boolean enforceStrictURLPattern)

Parameters:

enforceStrictURLPattern - the new EnforceStrictURLPattern value

See Also:

SecurityConfigurationMBean.getEnforceStrictURLPattern()

getEnforceValidBasicAuthCredentials

boolean getEnforceValidBasicAuthCredentials()

Whether or not the system should allow requests with invalid Basic Authentication credentials to access unsecure resources.

Returns:

the EnforceValidBasicAuthCredentials value

Since:

9.2

setEnforceValidBasicAuthCredentials

void setEnforceValidBasicAuthCredentials(boolean allow)

Parameters:

allow - the new EnforceValidBasicAuthCredentials value

See Also:

SecurityConfigurationMBean.getEnforceValidBasicAuthCredentials()

isConsoleFullDelegationEnabled

boolean isConsoleFullDelegationEnabled()

Indicates whether the console is enabled for fully delegate authorization.

Returns:

true if the console is enabled for fully delegate authorization

Since:

9.2.0.0

setConsoleFullDelegationEnabled

void setConsoleFullDelegationEnabled(boolean enabled)

Enables the console to operate with fully delegate authorization.

Parameters:

enabled - the new console full delegation value

Since:

9.2.0.0

See Also:

SecurityConfigurationMBean.isConsoleFullDelegationEnabled()

getDefaultRealmInternal

RealmMBean getDefaultRealmInternal()

See Also:

RealmContainer

setDefaultRealmInternal

void setDefaultRealmInternal(RealmMBean def)

See Also:

RealmContainer

getExcludedDomainNames

String[] getExcludedDomainNames()

Specifies a list of remote domains for which cross-domain check should not be applied.

Returns:

An array of Strings

Since:

10.0

setExcludedDomainNames

void setExcludedDomainNames(String[] remoteDomains)

Specifies a list of remote domains for which cross-domain check should not be applied. Sets the list of remote domain names that are to be excluded from the cross-domain checks.

Parameters:

remoteDomains - Array of Strings of all the domain names to be excluded.

isCrossDomainSecurityEnabled

boolean isCrossDomainSecurityEnabled()

Indicates whether or not cross-domain security is enabled.

Returns:

returns a boolean value

setCrossDomainSecurityEnabled

void setCrossDomainSecurityEnabled(boolean enabled)

Turns on/off the cross-domain security.

Parameters:

enabled - indicate whether or not cross domain security is enabled via the use of credential mapper.

getCertRevoc

CertRevocMBean getCertRevoc()

Determines the domain's X509 certificate revocation checking configuration.

A CertRevocMBean is always associated with a domain's security configuration and cannot be changed, although CertRevocMBean attributes may be changed as documented.

Returns:

The associated CertRevocMBean.

isUseKSSForDemo

boolean isUseKSSForDemo()

Determines whether the Demo Identity and Demo Trust key stores should be obtained from the Oracle Key Store Service (KSS).

If enabled, Weblogic Server will request the Demo Identity and Domain Trust key stores from KSS. Subsequent to installation however, the KSS Demo key stores may have been manipulated such that appropriate Demo certificates or keys are not available.

Please verify the following KSS Demo Identity keystore has an X.509 private key and corresponding public identity certificate signed by the Demo Certificate Authority (CA):

KSS Stripe

system

KSS Key Store

demoidentity

KSS Private Key Alias

DemoIdentity

Please verify the following KSS Domain Trust keystore has a trusted Demo Certificate Authority X.509 certificate:

KSS Stripe

system

KSS Key Store

trust

See Also:

SecurityConfigurationMBean.setUseKSSForDemo(boolean)

setUseKSSForDemo

void setUseKSSForDemo(boolean useKss)

Specifies that the Demo Identity and Demo Trust key stores should be obtained from the Oracle Key Store Service (KSS).

If enabled, Weblogic Server will request the Demo Identity and Domain Trust key stores from KSS. Subsequent to installation however, the KSS Demo key stores may have been manipulated such that appropriate Demo certificates or keys are not available.

Please verify the following KSS Demo Identity keystore has an X.509 private key and corresponding public identity certificate signed by the Demo Certificate Authority (CA):

KSS Stripe

system

KSS Key Store

demoidentity

KSS Private Key Alias

DemoIdentity

Please verify the following KSS Domain Trust keystore has a trusted Demo Certificate Authority X.509 certificate:

KSS Stripe

system

KSS Key Store

trust

Parameters:

useKss - true to use KSS for Demo key stores, otherwise false.

See Also:

SecurityConfigurationMBean.isUseKSSForDemo()

getAdministrativeIdentityDomain

String getAdministrativeIdentityDomain()

Domain's administrative identity domain.

Returns:

the administrative identity domain if identity domain is enabled.

Since:

12.2.1.0

setAdministrativeIdentityDomain

void setAdministrativeIdentityDomain(String identityDomain)

Set this domain's administrative identity domain.

Parameters:

identityDomain - the administrative identity domain

Since:

12.2.1.0

isIdentityDomainAwareProvidersRequired

boolean isIdentityDomainAwareProvidersRequired()

Returns true if all role mapping, authorization, credential mapping, and audit providers configured in the domain must support the IdentityDomainAwareProviderMBean interface's administrative identity domain.

Returns:

true if all providers must support identity domains, false otherwise.

Since:

12.2.1.0

setIdentityDomainAwareProvidersRequired

void setIdentityDomainAwareProvidersRequired(boolean requireIdentityDomain)

Set whether providers must support the IdentityDomainAwareProviderMBean interface.

Parameters:

requireIdentityDomain - true if providers must support identity domains, false otherwise

Since:

12.2.1.0

isIdentityDomainDefaultEnabled

boolean isIdentityDomainDefaultEnabled()

Returns true if identity domain values should be defaulted for the Administrative Identity Domain, Partition Primary Identity Domain, and Default Authenticator Identity Domain attributes.

Returns:

true if defaulting of identity domain values is enabled, false otherwise.

Since:

12.2.1.0

setIdentityDomainDefaultEnabled

void setIdentityDomainDefaultEnabled(boolean enabled)

Set whether identity domain default values are enabled

Parameters:

enabled - true if defaulting of identity domain values is enabled, false otherwise.

Since:

12.2.1.0

getNonceTimeoutSeconds

int getNonceTimeoutSeconds()

Returns the value of the nonce timeout in seconds.

Returns:

number of seconds that the nonce is valid.

Since:

12.2.1.0

setNonceTimeoutSeconds

void setNonceTimeoutSeconds(int timeout)

Sets the value of the nonce timeout in seconds.

Parameters:

timeout - number of seconds that the nonce is valid.

Since:

12.2.1.0

Skip navigation links