PKICredentialMapperMBean


Overview  |   Related MBeans  |   Attributes  |   Operations

Overview

This MBean represents configuration attributes for the PKI Credential Mapping provider.

   
Fully Qualified Interface NameIf you use the getMBeanInfo operation in MBeanTypeServiceMBean, supply the following value as this MBean's fully qualified interface name:
weblogic.security.providers.credentials.PKICredentialMapperMBean
Factory Methods No factory methods. Instances of this MBean are created automatically.
Access Points Inherited from CredentialMapperMBean Because this MBean extends or implements CredentialMapperMBean, you can also access this MBean by retrieving CredentialMapperMBeans. The following attributes contain CredentialMapperMBeans and its subtypes:


    Related MBeans

    This section describes attributes that provide access to other MBeans.


      Realm

      Returns the realm that contains this security provider. Returns null if this security provider is not contained by a realm.

             
      Privileges Read only
      TypeRealmMBean
      Relationship type: Reference.


      Attributes

      This section describes the following attributes:


      Description

      A short description of the PKI Credential Mapping provider.

      A short description of the PKI Credential Mapping provider.

             
      Privileges Read only
      Typejava.lang.String
      Default ValuePKI Credential Mapping Provider
      Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

      KeyStoreFileName

      Location of the keystore relative to the directory where the server was started.

             
      Privileges Read/Write
      Typejava.lang.String
      Default Value

      KeyStorePassPhrase

      The Keystore password.

             
      Privileges Read/Write
      Typejava.lang.String
      Default Value
      Encryptedtrue

      KeyStorePassPhraseEncrypted

             
      Privileges Read/Write
      Typebyte[]
      Encryptedtrue

      KeyStoreProvider

      Represents a provider for the Java Security API that should be used.

             
      Privileges Read/Write
      Typejava.lang.String
      Default Value

      KeyStoreType

      The provider will generate a keystore object of this type. Default is JKS.

             
      Privileges Read/Write
      Typejava.lang.String
      Default ValueJKS

      Name

             
      Privileges Read only
      Typejava.lang.String
      Default ValuePKICredentialMapper
      Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

      ProviderClassName

      The name of the Java class that loads the PKI Credential Mapping provider.

             
      Privileges Read only
      Typejava.lang.String
      Default Valueweblogic.security.providers.credentials.PKICredentialMapperProviderImpl
      Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

      SupportedExportConstraints

      The credential maps that you want to be exported from this PKI Credential Mapping provider's database. If no constraints are specified, all are exported.

             
      Privileges Read only
      Typeclass java.lang.String[]
      Default Value passwords
      Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

      SupportedExportFormats

      The format of the file to export. The list of supported export formats is determined by this PKI Credential Mapping provider.

             
      Privileges Read only
      Typeclass java.lang.String[]
      Default Value PKICreds
      Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

      SupportedImportConstraints

      The PKI credential maps that you want to be imported into this Credential Mapping provider's database. If no constraints are specified, all are imported.

             
      Privileges Read only
      Typeclass java.lang.String[]
      Default Value
      Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

      SupportedImportFormats

      The format of the file to import. The list of supported import formats is determined by the PKI Credential Mapping provider from which the credential maps were originally exported.

             
      Privileges Read only
      Typeclass java.lang.String[]
      Default Value PKICreds
      Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

      UseInitiatorGroupNames

      Specifies whether to enables selection of credential mappings based on the group names of the initiator.

             
      Privileges Read/Write
      Typeboolean
      Default Valuetrue

      UseResourceHierarchy

      Specifies whether to enable selection of credential mappings by traversing up the resource hierachy for each type of resource

             
      Privileges Read/Write
      Typeboolean
      Default Valuetrue

      Version

      The version of the PKI Credential Mapping provider.

             
      Privileges Read only
      Typejava.lang.String
      Default Value1.0
      Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.


      Operations

      This section describes the following operations:


      advance

      Advances the list to the next element in the list.

         
      Operation Name"advance"
      ParametersObject [] {  cursor }

      where:

      • cursor is an object of type java.lang.String that specifies:

        - The cursor returned from a previous list method.

      SignatureString [] { "java.lang.String" }
      Returns void
      Exceptions
      • weblogic.management.utils.InvalidCursorException

      close

      Indicates that the caller is finished using the list, and that the resources held on behalf of the list may be released. If the caller traverses through all the elements in the list, the caller need not call this method. In other words, it is used to let the caller close the list without reading each element that is returned.

         
      Operation Name"close"
      ParametersObject [] {  cursor }

      where:

      • cursor is an object of type java.lang.String that specifies:

        - The cursor returned from a previous list method.

      SignatureString [] { "java.lang.String" }
      Returns void
      Exceptions
      • weblogic.management.utils.InvalidCursorException

      exportData

      Exports provider specific data in a specified format. When errors occur, the MBean throws an ErrorCollectionException containing a list of java.lang.Exceptions, where the text of each exception describes the error.

         
      Operation Name"exportData"
      ParametersObject [] {  formatfilenameconstraints }

      where:

      • format is an object of type java.lang.String that specifies:

        - The format for exporting provider specific data.

      • filename is an object of type java.lang.String that specifies:

        - The full path to the filename used to write data.

      • constraints is an object of type java.util.Properties that specifies:

        - The constraints to be used when exporting data. A null value indicates that all data will be exported.

      SignatureString [] { "java.lang.String", "java.lang.String", "java.util.Properties" }
      Returns void
      Exceptions
      • weblogic.management.utils.InvalidParameterException
      • weblogic.management.utils.ErrorCollectionException

      getCertificate

      For a certificate entry this method will return the certificate corresponding to the alias. For a keyentry it will return the first Certificate entry in a CertificateChain.

         
      Operation Name"getCertificate"
      ParametersObject [] {  keystoreAlias }

      where:

      • keystoreAlias is an object of type java.lang.String that specifies:

        - The keystore alias.

      SignatureString [] { "java.lang.String" }
      ReturnsCertificate
      Exceptions
      • weblogic.management.utils.NotFoundException

      getCurrentCredAction

      Gets an credential action from a list that has been returned from the listMappings or the listMappingsByPattern() method. This method returns the credential action that corresponds to current location in the list.

         
      Operation Name"getCurrentCredAction"
      ParametersObject [] {  cursor }

      where:

      • cursor is an object of type java.lang.String that specifies:

        - The cursor that has been returned from the listMappings method or the listMappingsByPattern.

      SignatureString [] { "java.lang.String" }
      ReturnsString
      Exceptions
      • weblogic.management.utils.InvalidCursorException

      getCurrentCredential

      Gets the keystore alias from a credentials map that has been returned from the listMappings or the listMappingsByPattern() method. This method returns the keystore alias that corresponds to current location in the list.

         
      Operation Name"getCurrentCredential"
      ParametersObject [] {  cursor }

      where:

      • cursor is an object of type java.lang.String that specifies:

        - The cursor that has been returned from the listMappings or the listMappingsByPattern method.

      SignatureString [] { "java.lang.String" }
      ReturnsString
      Exceptions
      • weblogic.management.utils.InvalidCursorException

      getCurrentInitiatorIdentityDomain

      Gets an identity domain associated with the user from a list that has been returned from the listMappings or the listMappingsByPattern() method. This method returns the identity domain associated with the username that corresponds to current location in the list.

         
      Operation Name"getCurrentInitiatorIdentityDomain"
      ParametersObject [] {  cursor }

      where:

      • cursor is an object of type java.lang.String that specifies:

        - The cursor that has been returned from the listMappings method or the listMappingsByPattern.

      SignatureString [] { "java.lang.String" }
      ReturnsString
      Exceptions
      • weblogic.management.utils.InvalidCursorException

      getCurrentInitiatorName

      Gets an username from a list that has been returned from the listMappings or the listMappingsByPattern() method. This method returns the username that corresponds to current location in the list.

         
      Operation Name"getCurrentInitiatorName"
      ParametersObject [] {  cursor }

      where:

      • cursor is an object of type java.lang.String that specifies:

        - The cursor that has been returned from the listMappings method or the listMappingsByPattern.

      SignatureString [] { "java.lang.String" }
      ReturnsString
      Exceptions
      • weblogic.management.utils.InvalidCursorException

      getCurrentResourceId

      Gets the current resource id from a list that has been returned from the and listMappingsByPattern() method. This method returns the resource id that corresponds to current location in the list.

         
      Operation Name"getCurrentResourceId"
      ParametersObject [] {  cursor }

      where:

      • cursor is an object of type java.lang.String that specifies:

        - The cursor that has been returned from the listMappingsByPattern method.

      SignatureString [] { "java.lang.String" }
      ReturnsString
      Exceptions
      • weblogic.management.utils.InvalidCursorException

      getKeystoreAlias

      Gets the keystore alias that is mapped to a username for a particular resource and credential action.

         
      Operation Name"getKeystoreAlias"
      ParametersObject [] {  resourceIduserNameidentityDomainisInitiatorUserNamecredActioncredType }

      where:

      • resourceId is an object of type java.lang.String that specifies:

        - The resource id that is used to map user names to keystore alias and password. A resource object such as weblogic.security.service.ResourceManager assigns IDs to external sources.

      • userName is an object of type java.lang.String that specifies:

        - The username that is mapped to the alias and password.

      • identityDomain is an object of type java.lang.String that specifies:

        - The identity domain of the user.

      • isInitiatorUserName is an object of type java.lang.Boolean that specifies:

        - Set true if the initiator name passed in is the username. False otherwise.

      • credAction is an object of type java.lang.String that specifies:

        - The credential action for which the mapping is created for.

      • credType is an object of type java.lang.String that specifies:

        - The credential type.

      SignatureString [] { "java.lang.String", "java.lang.String", "java.lang.String", "java.lang.Boolean", "java.lang.String", "java.lang.String" }
      ReturnsString
      Exceptions
      • weblogic.management.utils.NotFoundException
        NotFoundException - This exception is thrown if the keystore alias is not found.

      getKeystoreAlias

      Gets the keystore alias that is mapped to a username for a particular resource and credential action.

         
      Operation Name"getKeystoreAlias"
      ParametersObject [] {  resourceIduserNameisInitiatorUserNamecredActioncredType }

      where:

      • resourceId is an object of type java.lang.String that specifies:

        - The resource id that is used to map user names to keystore alias and password. A resource object such as weblogic.security.service.ResourceManager assigns IDs to external sources.

      • userName is an object of type java.lang.String that specifies:

        - The username that is mapped to the alias and password.

      • isInitiatorUserName is an object of type java.lang.Boolean that specifies:

        - Set true if the initiator name passed in is the username. False otherwise.

      • credAction is an object of type java.lang.String that specifies:

        - The credential action for which the mapping is created for.

      • credType is an object of type java.lang.String that specifies:

        - The credential type.

      SignatureString [] { "java.lang.String", "java.lang.String", "java.lang.Boolean", "java.lang.String", "java.lang.String" }
      ReturnsString
      Exceptions
      • weblogic.management.utils.NotFoundException
        NotFoundException - This exception is thrown if the keystore alias is not found.

      haveCurrent

      Returns true if there are more objects in the list, and false otherwise.

         
      Operation Name"haveCurrent"
      ParametersObject [] {  cursor }

      where:

      • cursor is an object of type java.lang.String that specifies:

        - The cursor returned from a previous list method.

      SignatureString [] { "java.lang.String" }
      Returns boolean
      Exceptions
      • weblogic.management.utils.InvalidCursorException

      importData

      Imports provider specific data from a specified format. When errors occur, the MBean throws an ErrorCollectionException containing a list of java.lang.Exceptions, where the text of each exception describes the error.

         
      Operation Name"importData"
      ParametersObject [] {  formatfilenameconstraints }

      where:

      • format is an object of type java.lang.String that specifies:

        - The format for importing provider specific data.

      • filename is an object of type java.lang.String that specifies:

        - The full path to the filename used to read data.

      • constraints is an object of type java.util.Properties that specifies:

        - The constraints to be used when importing data. A null value indicates that all data will be imported.

      SignatureString [] { "java.lang.String", "java.lang.String", "java.util.Properties" }
      Returns void
      Exceptions
      • weblogic.management.utils.InvalidParameterException
      • weblogic.management.utils.ErrorCollectionException

      isInitiatorUserName

      Returns whether the initiator name from a list that has been returned from the listMappings or the listMappingsByPattern()method is a user name or a group name. Method returns true if the username returned by the getCurrentInitiatorName is a user name. If the initiator name returned is a Group name this method returns false.

         
      Operation Name"isInitiatorUserName"
      ParametersObject [] {  cursor }

      where:

      • cursor is an object of type java.lang.String that specifies:

        - The cursor that has been returned from the listMappings method or the listMappingsByPattern.

      SignatureString [] { "java.lang.String" }
      Returns boolean
      Exceptions
      • weblogic.management.utils.InvalidCursorException

      isSet

      Returns true if the specified attribute has been set explicitly in this MBean instance.

         
      Operation Name"isSet"
      ParametersObject [] {  propertyName }

      where:

      • propertyName is an object of type java.lang.String that specifies:

        property to check

      SignatureString [] { "java.lang.String" }
      Returns boolean
      Exceptions
      • java.lang.IllegalArgumentException

      listAllCertEntryAliases

      Returns a list of all the public certificate aliases currently configured in the keystore. Console can call this method to display a list of all possible certificate aliases.

         
      Operation Name"listAllCertEntryAliases"
      Parametersnull
      Signaturenull
      Returns class
      Exceptions
      • weblogic.management.utils.NotFoundException

      listAllKeypairEntryAliases

      Returns a list of all the key pair aliases that currently configured in the keystore. Console can call this method to display a list of all possible keypair aliases.

         
      Operation Name"listAllKeypairEntryAliases"
      Parametersnull
      Signaturenull
      Returns class
      Exceptions
      • weblogic.management.utils.NotFoundException

      listMappings

      Gets a list of usernames, credential actions, keystore aliases and their passwords. Returns a cursor as a string. Use the getCurrentUserName(),getCurrentCredential(), getCurrentCredAction() methods to get the username, keystore alias and credential action for the current item in the list.

         
      Operation Name"listMappings"
      ParametersObject [] {  resourceIdcredType }

      where:

      • resourceId is an object of type java.lang.String that specifies:

        - the resource id that the credential mappings are created for. A resource object such as weblogic.security.service.ResourceManager assigns IDs to external sources.

      • credType is an object of type java.lang.String that specifies:

        - The credential type

      SignatureString [] { "java.lang.String", "java.lang.String" }
      ReturnsString

      listMappingsByPattern

      Gets a list of all the configured credential mappings. Returns a cursor as a string. Use the getCurrentUserName(), getCurrentCredAction(), getCurrentResourceId(), getCurrentCredential() methods to get the username, credential action, resource id and keystore alias for the current item in the list.

         
      Operation Name"listMappingsByPattern"
      ParametersObject [] {  resourceIdPatternmaxToReturncredType }

      where:

      • resourceIdPattern is an object of type java.lang.String that specifies:

        - the resource id pattern to filter the records to be returned. If you pass null or * the method will not filter and return all records.

      • maxToReturn is an object of type java.lang.Integer that specifies:

        - The maximum number of records to return

      • credType is an object of type java.lang.String that specifies:

        - The credential type

      SignatureString [] { "java.lang.String", "java.lang.Integer", "java.lang.String" }
      ReturnsString

      removePKICredentialMapping

      Removes the mapping between the principalName, resourceid and credential action to the keystore alias.

         
      Operation Name"removePKICredentialMapping"
      ParametersObject [] {  resourceIdprincipalNameidentityDomainisInitiatorUserNamecredActioncredType }

      where:

      • resourceId is an object of type java.lang.String that specifies:

        - The resource for which the user name is mapped to the keystore alias and password.

      • principalName is an object of type java.lang.String that specifies:

        - The principalName used in the credential mapping.

      • identityDomain is an object of type java.lang.String that specifies:

        - The identity domain associated with the principal name.

      • isInitiatorUserName is an object of type java.lang.Boolean that specifies:

        - True if the initiator name is a user name. False if it is a group.

      • credAction is an object of type java.lang.String that specifies:

        - The credential action.

      • credType is an object of type java.lang.String that specifies:

        - The credential type.

      SignatureString [] { "java.lang.String", "java.lang.String", "java.lang.String", "java.lang.Boolean", "java.lang.String", "java.lang.String" }
      Returns void
      Exceptions
      • weblogic.management.utils.NotFoundException

      removePKICredentialMapping

      Removes the mapping between the principalName, resourceid and credential action to the keystore alias.

         
      Operation Name"removePKICredentialMapping"
      ParametersObject [] {  resourceIdprincipalNameisInitiatorUserNamecredActioncredType }

      where:

      • resourceId is an object of type java.lang.String that specifies:

        - The resource for which the user name is mapped to the keystore alias and password.

      • principalName is an object of type java.lang.String that specifies:

        - The principalName used in the credential mapping.

      • isInitiatorUserName is an object of type java.lang.Boolean that specifies:

        - True if the initiator name is a user name. False if it is a group.

      • credAction is an object of type java.lang.String that specifies:

        - The credential action.

      • credType is an object of type java.lang.String that specifies:

        - The credential type.

      SignatureString [] { "java.lang.String", "java.lang.String", "java.lang.Boolean", "java.lang.String", "java.lang.String" }
      Returns void
      Exceptions
      • weblogic.management.utils.NotFoundException

      setCertificateCredential

      Creates a public certificate mapping between the principalName, resourceid and credential action to the keystore alias.

         
      Operation Name"setCertificateCredential"
      ParametersObject [] {  resourceIdprincipalNameidentityDomainisInitiatorUserNamecredActionkeystoreAlias }

      where:

      • resourceId is an object of type java.lang.String that specifies:

        - The resource for which the user name is mapped to the keystore alias.

      • principalName is an object of type java.lang.String that specifies:

        - The principalName used in the credential mapping.

      • identityDomain is an object of type java.lang.String that specifies:

        - The identity domain associated with the principal name.

      • isInitiatorUserName is an object of type java.lang.Boolean that specifies:

        - True if the initiator name is a user name. False if it is a group.

      • credAction is an object of type java.lang.String that specifies:

        - The credential action.

      • keystoreAlias is an object of type java.lang.String that specifies:

        - The keystore alias.

      SignatureString [] { "java.lang.String", "java.lang.String", "java.lang.String", "java.lang.Boolean", "java.lang.String", "java.lang.String" }
      Returns void
      Exceptions
      • weblogic.management.utils.CreateException
        CreateException - Exception thrown if the keystore alias does not point to a certificate entry.

      setCertificateCredential

      Creates a public certificate mapping between the principalName, resourceid and credential action to the keystore alias.

         
      Operation Name"setCertificateCredential"
      ParametersObject [] {  resourceIdprincipalNameisInitiatorUserNamecredActionkeystoreAlias }

      where:

      • resourceId is an object of type java.lang.String that specifies:

        - The resource for which the user name is mapped to the keystore alias.

      • principalName is an object of type java.lang.String that specifies:

        - The principalName used in the credential mapping.

      • isInitiatorUserName is an object of type java.lang.Boolean that specifies:

        - True if the initiator name is a user name. False if it is a group.

      • credAction is an object of type java.lang.String that specifies:

        - The credential action.

      • keystoreAlias is an object of type java.lang.String that specifies:

        - The keystore alias.

      SignatureString [] { "java.lang.String", "java.lang.String", "java.lang.Boolean", "java.lang.String", "java.lang.String" }
      Returns void
      Exceptions
      • weblogic.management.utils.CreateException
        CreateException - Exception thrown if the keystore alias does not point to a certificate entry.

      setKeypairCredential

      Creates a keypair mapping between the principalName, resourceid and credential action to the keystore alias and the corresponding password.

         
      Operation Name"setKeypairCredential"
      ParametersObject [] {  resourceIdprincipalNameidentityDomainisInitiatorUserNamecredActionkeystoreAliaspassword }

      where:

      • resourceId is an object of type java.lang.String that specifies:

        - The resource for which the user name is mapped to the keystore alias and password.

      • principalName is an object of type java.lang.String that specifies:

        - The principalName used in the credential mapping.

      • identityDomain is an object of type java.lang.String that specifies:

        - The identity domain associated with the principal name.

      • isInitiatorUserName is an object of type java.lang.Boolean that specifies:

        - True if the initiator name is a user name. False if it is a group.

      • credAction is an object of type java.lang.String that specifies:

        - The credential action.

      • keystoreAlias is an object of type java.lang.String that specifies:

        - The keystore alias.

      • password is an object of type [C that specifies:

        - The password for the keystore entry.

      SignatureString [] { "java.lang.String", "java.lang.String", "java.lang.String", "java.lang.Boolean", "java.lang.String", "java.lang.String", "[C" }
      Returns void
      Exceptions
      • weblogic.management.utils.CreateException
        CreateException - Exception thrown if the keystore alias does not point to a keypair entry or if the password supplied here is not correct.

      setKeypairCredential

      Creates a keypair mapping between the principalName, resourceid and credential action to the keystore alias and the corresponding password.

         
      Operation Name"setKeypairCredential"
      ParametersObject [] {  resourceIdprincipalNameisInitiatorUserNamecredActionkeystoreAliaspassword }

      where:

      • resourceId is an object of type java.lang.String that specifies:

        - The resource for which the user name is mapped to the keystore alias and password.

      • principalName is an object of type java.lang.String that specifies:

        - The principalName used in the credential mapping.

      • isInitiatorUserName is an object of type java.lang.Boolean that specifies:

        - True if the initiator name is a user name. False if it is a group.

      • credAction is an object of type java.lang.String that specifies:

        - The credential action.

      • keystoreAlias is an object of type java.lang.String that specifies:

        - The keystore alias.

      • password is an object of type [C that specifies:

        - The password for the keystore entry.

      SignatureString [] { "java.lang.String", "java.lang.String", "java.lang.Boolean", "java.lang.String", "java.lang.String", "[C" }
      Returns void
      Exceptions
      • weblogic.management.utils.CreateException
        CreateException - Exception thrown if the keystore alias does not point to a keypair entry or if the password supplied here is not correct.

      unSet

      Restore the given property to its default value.

         
      Operation Name"unSet"
      ParametersObject [] {  propertyName }

      where:

      • propertyName is an object of type java.lang.String that specifies:

        property to restore

      SignatureString [] { "java.lang.String" }
      Returns void
      Exceptions
      • java.lang.IllegalArgumentException
        UnsupportedOperationException if called on a runtime implementation.

      wls_getDisplayName

      Returns the display name of an MBean.

      Deprecated 9.0.0.0

         
      Operation Name"wls_getDisplayName"
      Parametersnull
      Signaturenull
      ReturnsString