public interface RealmMBean extends StandardInterface, DescriptorBean
The MBean that represents configuration attributes for the security realm.
A security realm contains a set of security configuration settings, including the list of security providers to use (for example, for authentication and authorization).
Code using security can either use the default security realm for the domain or refer to a particular security realm by name (by using the JMX display name of the security realm).
One security realm in the WebLogic domain must have the DefaultRealm
attribute set to true. The security realm with the DefaultRealm
attribute set to true is used as the default
security realm for the WebLogic domain. Note that other available security realms
must have the DefaultRealm
attribute set to false.
When WebLogic Server boots, it locates and uses the default security realm. The security realm is considered active since it is used when WebLogic Server runs. Any security realm that is not used when WebLogic Server runs is considered inactive. All active security realms must be configured before WebLogic Server is boots.
Since security providers are scoped by realm, the
Realm
attribute on a security provider
must be set to the realm that uses the provider.
Modifier and Type | Method and Description |
---|---|
AdjudicatorMBean |
createAdjudicator(String type)
Creates an Adjudication provider in this security realm and removes
this security realm's previous Adjudication provider.
|
AdjudicatorMBean |
createAdjudicator(String name,
String type)
Creates an Adjudication provider in this security realm and removes
this security realm's previous Adjudication provider.
|
AuditorMBean |
createAuditor(String type)
Creates an Auditing provider in this security realm.
|
AuditorMBean |
createAuditor(String name,
String type)
Creates an Auditing provider in this security realm.
|
AuthenticationProviderMBean |
createAuthenticationProvider(String type)
Creates an Authentication provider in this security realm.
|
AuthenticationProviderMBean |
createAuthenticationProvider(String name,
String type)
Creates an Authentication provider in this security realm.
|
AuthorizerMBean |
createAuthorizer(String type)
Creates an Authorization provider in this security realm.
|
AuthorizerMBean |
createAuthorizer(String name,
String type)
Creates an Authorization provider in this security realm.
|
CertPathProviderMBean |
createCertPathProvider(String type)
Creates a Certification Path provider in this security realm.
|
CertPathProviderMBean |
createCertPathProvider(String name,
String type)
Creates a Certification Path provider in this security realm.
|
CredentialMapperMBean |
createCredentialMapper(String type)
Creates a Credential Mapping provider in this security realm.
|
CredentialMapperMBean |
createCredentialMapper(String name,
String type)
Creates a Credential Mapping provider in this security realm.
|
PasswordValidatorMBean |
createPasswordValidator(String type)
Creates a Password Validator provider in this security realm.
|
PasswordValidatorMBean |
createPasswordValidator(String name,
String type)
Creates a Password Validator provider in this security realm.
|
RDBMSSecurityStoreMBean |
createRDBMSSecurityStore()
Creates configuration for the RDBMS security store.
|
RDBMSSecurityStoreMBean |
createRDBMSSecurityStore(String name)
Creates configuration for the RDBMS security store with the specified name.
|
RoleMapperMBean |
createRoleMapper(String type)
Creates a Role Mapping provider in this security realm.
|
RoleMapperMBean |
createRoleMapper(String name,
String type)
Creates a Role Mapping provider in this security realm.
|
void |
destroyAdjudicator()
Removes the configuration this security realm's Adjudication provider (if there is one).
|
void |
destroyAuditor(AuditorMBean auditor)
Removes the configuration for an Auditing provider in this security realm.
|
void |
destroyAuthenticationProvider(AuthenticationProviderMBean authenticationProvider)
Removes the configuration for an Authentication provider in this security realm.
|
void |
destroyAuthorizer(AuthorizerMBean authorizer)
Removes the configuration for an Authorization provider in this security realm.
|
void |
destroyCertPathProvider(CertPathProviderMBean certPathProvider)
Removes the configuration for a Certification Path provider in this security realm.
|
void |
destroyCredentialMapper(CredentialMapperMBean credentialMapper)
Removes the configuration for a Credential Mapping provider in this security realm.
|
void |
destroyPasswordValidator(PasswordValidatorMBean provider)
Removes the configuration for a Password Validator provider in this security realm.
|
void |
destroyRDBMSSecurityStore()
Destroys and removes the existing RDBMS security store which is a child of this
realm.
|
void |
destroyRoleMapper(RoleMapperMBean roleMapper)
Removes the configuration for a Role Mapping provider in this security realm.
|
AdjudicatorMBean |
getAdjudicator()
Returns the Adjudication provider for this security realm.
|
String[] |
getAdjudicatorTypes()
Returns the types of Adjudication providers that may be created in this security realm,
for example,
weblogic.security.providers.authorization.DefaultAdjudicator . |
AuditorMBean[] |
getAuditors()
Returns the Auditing providers for this security realm (in invocation order).
|
String[] |
getAuditorTypes()
Returns the types of Auditing providers that may be created in this security realm,
for example,
weblogic.security.providers.audit.DefaultAuditor . |
AuthenticationProviderMBean[] |
getAuthenticationProviders()
Returns the Authentication providers for this security realm (in invocation order).
|
String[] |
getAuthenticationProviderTypes()
Returns the types of Authentication providers that may be created in this security realm,
for example,
weblogic.security.providers.authentication.DefaultAuthenticator . |
String |
getAuthMethods()
Returns a comma separated string of authentication methods that should be
used when the Web application specifies "REALM" as its auth-method.
|
AuthorizerMBean[] |
getAuthorizers()
Returns the Authorization providers for this security realm (in invocation order).
|
String[] |
getAuthorizerTypes()
Returns the types of Authorization providers that may be created in this security realm,
for example,
weblogic.security.providers.authorization.DefaultAuthorizer . |
CertPathBuilderMBean |
getCertPathBuilder()
Returns the CertPath Builder provider in this security realm that will be used
by the security system to build certification paths.
|
CertPathProviderMBean[] |
getCertPathProviders()
Returns the Certification Path providers for this security realm (in invocation order).
|
String[] |
getCertPathProviderTypes()
Returns the types of Certification Path providers that may be created in this security realm,
for example,
weblogic.security.providers.pk.WebLogicCertPathProvider . |
CredentialMapperMBean[] |
getCredentialMappers()
Returns the Credential Mapping providers for this security realm (in invocation order).
|
String[] |
getCredentialMapperTypes()
Returns the types of Credential Mapping providers that may be created in this security realm,
for example,
weblogic.security.providers.credentials.DefaultCredentialMapper . |
Integer |
getDeployableProviderSynchronizationTimeout()
Returns the timeout value, in milliseconds, for the deployable security provider synchronization operation.
|
String |
getManagementIdentityDomain()
Sets the Management Identity Domain value for the realm.
|
Integer |
getMaxWebLogicPrincipalsInCache()
Returns the maximum size of the LRU cache for holding WebLogic Principal signatures.
|
String |
getName()
The name of this configuration.
|
PasswordValidatorMBean[] |
getPasswordValidators()
Returns the Password Validator providers for this security realm (in invocation order).
|
String[] |
getPasswordValidatorTypes()
Returns the types of Password Validator providers that may be created in this security realm,
for example,
com.bea.security.providers.authentication.passwordvalidator.SystemPasswordValidator . |
RDBMSSecurityStoreMBean |
getRDBMSSecurityStore()
Returns RDBMSSecurityStoreMBean for this realm, which is a singleton MBean describing RDBMS
security store configuration.
|
int |
getRetireTimeoutSeconds()
Specifies the retire timeout for a realm that is restarted.
|
RoleMapperMBean[] |
getRoleMappers()
Returns the Role Mapping providers for this security realm (in invocation order).
|
String[] |
getRoleMapperTypes()
Returns the types of Role Mapping providers that may be created in this security realm,
for example,
weblogic.security.providers.authorization.DefaultRoleMapper . |
String |
getSecurityDDModel()
Specifies the default security model for Web applications or EJBs
that are secured by this security realm.
|
UserLockoutManagerMBean |
getUserLockoutManager()
Returns the User Lockout Manager for this security realm.
|
boolean |
isAutoRestartOnNonDynamicChanges()
Specifies whether the Realm will be auto-restarted if
non-dynamic changes are made to the realm or providers within the realm.
|
boolean |
isCombinedRoleMappingEnabled()
Determines how the role mappings in the Enterprise Application, Web
application, and EJB containers interact.
|
boolean |
isDefaultRealm()
Deprecated.
9.0.0.0 Replaced by
SecurityConfigurationMBean.getDefaultRealm() |
boolean |
isDelegateMBeanAuthorization()
Configures the WebLogic Server MBean servers to use the security realm's Authorization providers
to determine whether a JMX client has permission to access an MBean attribute or invoke an
MBean operation.
|
boolean |
isDeployableProviderSynchronizationEnabled()
Specifies whether synchronization for deployable Authorization and Role Mapping providers is enabled.
|
boolean |
isDeployCredentialMappingIgnored()
Deprecated.
9.0.0.0
|
boolean |
isDeployPolicyIgnored()
Deprecated.
9.0.0.0
|
boolean |
isDeployRoleIgnored()
Deprecated.
9.0.0.0
|
boolean |
isEnableWebLogicPrincipalValidatorCache()
Returns whether the WebLogic Principal Validator caching is enabled.
|
boolean |
isFullyDelegateAuthorization()
Deprecated.
9.0.0.0
|
boolean |
isValidateDDSecurityData()
Not used in this release.
|
AuditorMBean |
lookupAuditor(String name)
Finds an Auditing provider in this security realm.
|
AuthenticationProviderMBean |
lookupAuthenticationProvider(String name)
Finds an Authentication provider in this security realm.
|
AuthorizerMBean |
lookupAuthorizer(String name)
Finds an Authorization provider in this security realm.
|
CertPathProviderMBean |
lookupCertPathProvider(String name)
Finds a Certification Path provider in this security realm.
|
CredentialMapperMBean |
lookupCredentialMapper(String name)
Finds a Credential Mapping provider in this security realm.
|
PasswordValidatorMBean |
lookupPasswordValidator(String name)
Finds an Password Validator provider in this security realm.
|
RoleMapperMBean |
lookupRoleMapper(String name)
Finds a Role Mapping provider in this security realm.
|
void |
setAuditors(AuditorMBean[] auditors)
Changes the invocation order of this security realm's Auditing providers.
|
void |
setAuthenticationProviders(AuthenticationProviderMBean[] authenticationProviders)
Changes the invocation order of this security realm's Authentication providers.
|
void |
setAuthMethods(String methods)
Set the authentication methods that should be used when the Web
application specifies "REALM" as its auth-method.
|
void |
setAuthorizers(AuthorizerMBean[] authorizers)
Changes the invocation order of this security realm's Authorization providers.
|
void |
setAutoRestartOnNonDynamicChanges(boolean autorestart)
Sets the value of the AutoRestartOnNonDynamicChanges attribute.
|
void |
setCertPathBuilder(CertPathBuilderMBean certPathBuilder)
Determines which of this security realm's
CertPathProviders will be used
by the security system to build certification paths. |
void |
setCertPathProviders(CertPathProviderMBean[] certPathProviders)
Changes the invocation order of this security realm's Certification Path providers.
|
void |
setCombinedRoleMappingEnabled(boolean combined)
Sets whether application role mappings are combined
by the Java EE containers.
|
void |
setCredentialMappers(CredentialMapperMBean[] credentialMappers)
Changes the invocation order of this security realm's Credential Mapping providers.
|
void |
setDefaultRealm(boolean isDefault)
Deprecated.
|
void |
setDelegateMBeanAuthorization(boolean deleteMBeanAuthorization)
Sets the value of the DelegateMBeanAuthorization attribute.
|
void |
setDeployableProviderSynchronizationEnabled(boolean enabled)
Specifies whether synchronization for deployable Authorization and Role Mapping providers is enabled.
|
void |
setDeployableProviderSynchronizationTimeout(Integer timeout)
Specifies the timeout value, in milliseconds, for the deployable security provider synchronization operation.
|
void |
setDeployCredentialMappingIgnored(boolean ignored)
Deprecated.
9.0.0.0
|
void |
setDeployPolicyIgnored(boolean ignored)
Deprecated.
9.0.0.0
|
void |
setDeployRoleIgnored(boolean ignored)
Deprecated.
9.0.0.0
|
void |
setEnableWebLogicPrincipalValidatorCache(boolean enabled)
Sets whether the WebLogic Principal Validator caching is enabled.
|
void |
setFullyDelegateAuthorization(boolean fullyDelegate)
Deprecated.
9.0.0.0
|
void |
setManagementIdentityDomain(String idd)
Sets the value of the Management Identity Domain attribute.
|
void |
setMaxWebLogicPrincipalsInCache(Integer size)
Sets the maximum size of the LRU cache for holding WebLogic Principal signatures.
|
void |
setPasswordValidators(PasswordValidatorMBean[] passwordvalidators)
Sets the Password Validator providers for this security realm (in invocation order).
|
void |
setRetireTimeoutSeconds(int timeout)
Sets the value of the RetireTimeoutSeconds attribute.
|
void |
setRoleMappers(RoleMapperMBean[] roleMappers)
Changes the invocation order of this security realm's Role Mapping providers.
|
void |
setSecurityDDModel(String model)
Sets the default security deployment model for applications deployed in this security realm.
|
void |
setValidateDDSecurityData(boolean validate)
Sets whether security data in the deployment descriptor is validated.
|
void |
validate()
Deprecated.
9.0.0.0 This method is no longer required since activating a configuration
transaction does this check automatically on the default realm, and will not allow
the configuration to be saved if the domain does not have a valid default realm configured.
|
addPropertyChangeListener, createChildCopyIncludingObsolete, getParentBean, isEditable, removePropertyChangeListener
AuditorMBean[] getAuditors()
void setAuditors(AuditorMBean[] auditors) throws InvalidAttributeValueException
auditors
- - The new invocation order for this security realm's
Auditing providers. It should contain exactly the same Auditing providers
that getAuditors()
returns, except in a different order.
Note: For the purpose of backward compatibility with previous releases of WebLogic Server,
auditors
may also contain Auditing providers that do
not already belong to this security realm and are not contained by another
security realm. In this circumstance, these Auditing providers will be moved to this
security realm. Similarly, auditors
can be missing
some of this security realm's current Auditing providers. All
missing Auditing providers will be removed from this security realm.
These behaviors are deprecated in this release of WebLogic Server and will be removed in
a future release.InvalidAttributeValueException
String[] getAuditorTypes()
weblogic.security.providers.audit.DefaultAuditor
.
Use this method to find the available types to pass to createAuditor
AuditorMBean createAuditor(String name, String type) throws ClassNotFoundException, JMException
name
- - The name of this Auditing provider, for example, DefaultAuditor
type
- - The type of this Auditing provider, for example,
weblogic.security.providers.audit.DefaultAuditor
Use getAuditorTypes
to find the list of types that may be specified.ClassNotFoundException
- is thrown if an invalid type is specified.JMException
AuditorMBean createAuditor(String type) throws ClassNotFoundException, JMException
type
- - The type of this Auditing provider, for example,
weblogic.security.providers.audit.DefaultAuditor
Use getAuditorTypes
to find the list of types that may be specified.ClassNotFoundException
- is thrown if an invalid type is specified.JMException
void destroyAuditor(AuditorMBean auditor)
weblogic.management.configuration.SecurityConfigurationMBean.destroyRealm
automatically removes the security realm's Auditing providers.auditor
- - The Auditing provider to remove.AuditorMBean lookupAuditor(String name)
name
- AuthenticationProviderMBean[] getAuthenticationProviders()
void setAuthenticationProviders(AuthenticationProviderMBean[] authenticationProviders) throws InvalidAttributeValueException
authenticationProviders
- - The new invocation order for this security realm's
Authentication providers. It should contain exactly the same Authentication providers
that getAuthenticationProviders()
returns, except in a different order.
Note: For the purpose of backward compatibility with previous releases of WebLogic Server,
authenticationProviders
may also contain Authentication providers that do
not already belong to this security realm and are not contained by another
security realm. In this circumstance, these Authentication providers will be moved to this
security realm. Similarly, authenticationProviders
can be missing
some of this security realm's current Authentication providers. All
missing Authentication providers will be removed from this security realm.
These behaviors are deprecated in this release of WebLogic Server and will be removed in
a future release.InvalidAttributeValueException
String[] getAuthenticationProviderTypes()
weblogic.security.providers.authentication.DefaultAuthenticator
.
Use this method to find the available types to pass to createAuthenticationProvider
AuthenticationProviderMBean createAuthenticationProvider(String name, String type) throws ClassNotFoundException, JMException
name
- - The name of this Authentication provider, for example, DefaultAuthenticator
type
- - The type of this Authentication provider, for example,
weblogic.security.providers.authentication.DefaultAuthenticator
Use getAuthenticationProviderTypes
to find the list of types that may be specified.ClassNotFoundException
- is thrown if an invalid type is specified.JMException
AuthenticationProviderMBean createAuthenticationProvider(String type) throws ClassNotFoundException, JMException
type
- - The type of this Authentication provider, for example,
weblogic.security.providers.authentication.DefaultAuthenticator
Use getAuthenticationProviderTypes
to find the list of types that may be specified.ClassNotFoundException
- is thrown if an invalid type is specified.JMException
void destroyAuthenticationProvider(AuthenticationProviderMBean authenticationProvider)
weblogic.management.configuration.SecurityConfigurationMBean.destroyRealm
automatically removes the security realm's Authentication providers.authenticationProvider
- - The Authentication provider to remove.AuthenticationProviderMBean lookupAuthenticationProvider(String name)
name
- RoleMapperMBean[] getRoleMappers()
void setRoleMappers(RoleMapperMBean[] roleMappers) throws InvalidAttributeValueException
roleMappers
- - The new invocation order for this security realm's
Role Mapping providers. It should contain exactly the same Role Mapping providers
that getRoleMappers()
returns, except in a different order.
Note: For the purpose of backward compatibility with previous releases of WebLogic Server,
roleMappers
may also contain Role Mapping providers that do
not already belong to this security realm and are not contained by another
security realm. In this circumstance, these Role Mapping providers will be moved to this
security realm. Similarly, roleMappers
can be missing
some of this security realm's current Role Mapping providers. All
missing Role Mapping providers will be removed from this security realm.
These behaviors are deprecated in this release of WebLogic Server and will be removed in
a future release.InvalidAttributeValueException
String[] getRoleMapperTypes()
weblogic.security.providers.authorization.DefaultRoleMapper
.
Use this method to find the available types to pass to createRoleMapper
RoleMapperMBean createRoleMapper(String name, String type) throws ClassNotFoundException, JMException
name
- - The name of this Role Mapping provider, for example, DefaultRoleMapper
type
- - The type of this Role Mapping provider, for example,
weblogic.security.providers.authorization.DefaultRoleMapper
Use getRoleMapperTypes
to find the list of types that may be specified.ClassNotFoundException
- is thrown if an invalid type is specified.JMException
RoleMapperMBean createRoleMapper(String type) throws ClassNotFoundException, JMException
type
- - The type of this Role Mapping provider, for example,
weblogic.security.providers.authorization.DefaultRoleMapper
Use getRoleMapperTypes
to find the list of types that may be specified.ClassNotFoundException
- is thrown if an invalid type is specified.JMException
void destroyRoleMapper(RoleMapperMBean roleMapper)
weblogic.management.configuration.SecurityConfigurationMBean.destroyRealm
automatically removes the security realm's Role Mapping providers.roleMapper
- - The Role Mapping provider to remove.RoleMapperMBean lookupRoleMapper(String name)
name
- AuthorizerMBean[] getAuthorizers()
void setAuthorizers(AuthorizerMBean[] authorizers) throws InvalidAttributeValueException
authorizers
- - The new invocation order for this security realm's
Authorization providers. It should contain exactly the same Authorization providers
that getAuthorizers()
returns, except in a different order.
Note: For the purpose of backward compatibility with previous releases of WebLogic Server,
authorizers
may also contain Authorization providers that do
not already belong to this security realm and are not contained by another
security realm. In this circumstance, these Authorization providers will be moved to this
security realm. Similarly, authorizers
can be missing
some of this security realm's current Authorization providers. All
missing Authorization providers will be removed from this security realm.
These behaviors are deprecated in this release of WebLogic Server and will be removed in
a future release.InvalidAttributeValueException
String[] getAuthorizerTypes()
weblogic.security.providers.authorization.DefaultAuthorizer
.
Use this method to find the available types to pass to createAuthorizer
AuthorizerMBean createAuthorizer(String name, String type) throws ClassNotFoundException, JMException
name
- - The name of this Authorization provider, for example, DefaultAuthorizer
type
- - The type of this Authorization provider, for example,
weblogic.security.providers.authorization.DefaultAuthorizer
Use getAuthorizerTypes
to find the list of types that may be specified.ClassNotFoundException
- is thrown if an invalid type is specified.JMException
AuthorizerMBean createAuthorizer(String type) throws ClassNotFoundException, JMException
type
- - The type of this Authorization provider, for example,
weblogic.security.providers.authorization.DefaultAuthorizer
Use getAuthorizerTypes
to find the list of types that may be specified.ClassNotFoundException
- is thrown if an invalid type is specified.JMException
void destroyAuthorizer(AuthorizerMBean authorizer)
weblogic.management.configuration.SecurityConfigurationMBean.destroyRealm
automatically removes the security realm's Authorization providers.authorizer
- - The Authorization provider to remove.AuthorizerMBean lookupAuthorizer(String name)
name
- AdjudicatorMBean getAdjudicator()
String[] getAdjudicatorTypes()
weblogic.security.providers.authorization.DefaultAdjudicator
.
Use this method to find the available types to pass to createAdjudicator
AdjudicatorMBean createAdjudicator(String name, String type) throws ClassNotFoundException, JMException
name
- - The name of this Adjudication provider, for example, DefaultAdjudicator
type
- - The type of this Adjudication provider, for example,
weblogic.security.providers.authorization.DefaultAdjudicator
Use getAdjudicatorTypes
to find the list of types that may be specified.ClassNotFoundException
- is thrown if an invalid type is specified.JMException
AdjudicatorMBean createAdjudicator(String type) throws ClassNotFoundException, JMException
type
- - The type of this Adjudication provider, for example,
weblogic.security.providers.authorization.DefaultAdjudicator
Use getAdjudicatorTypes
to find the list of types that may be specified.ClassNotFoundException
- is thrown if an invalid type is specified.JMException
void destroyAdjudicator()
weblogic.management.configuration.SecurityConfigurationMBean.destroyRealm
automatically removes the security realm's Adjudication provider.CredentialMapperMBean[] getCredentialMappers()
void setCredentialMappers(CredentialMapperMBean[] credentialMappers) throws InvalidAttributeValueException
credentialMappers
- - The new invocation order for this security realm's
Credential Mapping providers. It should contain exactly the same Credential Mapping providers
that getCredentialMappers()
returns, except in a different order.
Note: For the purpose of backward compatibility with previous releases of WebLogic Server,
credentialMappers
may also contain Credential Mapping providers that do
not already belong to this security realm and are not contained by another
security realm. In this circumstance, these Credential Mapping providers will be moved to this
security realm. Similarly, credentialMappers
can be missing
some of this security realm's current Credential Mapping providers. All
missing Credential Mapping providers will be removed from this security realm.
These behaviors are deprecated in this release of WebLogic Server and will be removed in
a future release.InvalidAttributeValueException
String[] getCredentialMapperTypes()
weblogic.security.providers.credentials.DefaultCredentialMapper
.
Use this method to find the available types to pass to createCredentialMapper
CredentialMapperMBean createCredentialMapper(String name, String type) throws ClassNotFoundException, JMException
name
- - The name of this Credential Mapping provider, for example, DefaultCredentialMapper
type
- - The type of this Credential Mapping provider, for example,
weblogic.security.providers.credentials.DefaultCredentialMapper
Use getCredentialMapperTypes
to find the list of types that may be specified.ClassNotFoundException
- is thrown if an invalid type is specified.JMException
CredentialMapperMBean createCredentialMapper(String type) throws ClassNotFoundException, JMException
type
- - The type of this Credential Mapping provider, for example,
weblogic.security.providers.credentials.DefaultCredentialMapper
Use getCredentialMapperTypes
to find the list of types that may be specified.ClassNotFoundException
- is thrown if an invalid type is specified.JMException
void destroyCredentialMapper(CredentialMapperMBean credentialMapper)
weblogic.management.configuration.SecurityConfigurationMBean.destroyRealm
automatically removes the security realm's Credential Mapping providers.credentialMapper
- - The Credential Mapping provider to remove.CredentialMapperMBean lookupCredentialMapper(String name)
name
- CertPathProviderMBean[] getCertPathProviders()
void setCertPathProviders(CertPathProviderMBean[] certPathProviders) throws InvalidAttributeValueException
certPathProviders
- - The new invocation order for this security realm's
Certification Path providers. It should contain exactly the same Certification Path providers
that getCertPathProviders()
returns, except in a different order.InvalidAttributeValueException
String[] getCertPathProviderTypes()
weblogic.security.providers.pk.WebLogicCertPathProvider
.
Use this method to find the available types to pass to createCertPathProvider
CertPathProviderMBean createCertPathProvider(String name, String type) throws ClassNotFoundException, JMException
name
- - The name of this Certification Path provider, for example, WebLogicCertPathProvider
type
- - The type of this Certification Path provider, for example,
weblogic.security.providers.pk.WebLogicCertPathProvider
Use getCertPathProviderTypes
to find the list of types that may be specified.ClassNotFoundException
- is thrown if an invalid type is specified.JMException
CertPathProviderMBean createCertPathProvider(String type) throws ClassNotFoundException, JMException
The active security realm must contain at least one Certification Path provider that is a CertPath Builder provider and at least one Certificate Path provider that is a CertPath Validator provider.
type
- - The type of this Certification Path provider, for example,
weblogic.security.providers.pk.WebLogicCertPathProvider
Use getCertPathProviderTypes
to find the list of types that may be specified.ClassNotFoundException
- is thrown if an invalid type is specified.JMException
void destroyCertPathProvider(CertPathProviderMBean certPathProvider)
weblogic.management.configuration.SecurityConfigurationMBean.destroyRealm
automatically removes the security realm's Certification Path providers.
If certPathProvider
has been selected as this security realm's
CertPathBuilder
, then this security realm's will have no
CertPathBuilder
.
certPathProvider
- - The Certification Path provider to remove.CertPathProviderMBean lookupCertPathProvider(String name)
name
- CertPathBuilderMBean getCertPathBuilder()
CertPathProviders
.void setCertPathBuilder(CertPathBuilderMBean certPathBuilder) throws InvalidAttributeValueException
CertPathProviders
will be used
by the security system to build certification paths. The provider must implement
weblogic.management.security.pk.CertPathBuilder
.certPathBuilder
- - The new CertPath Builder for this security realm.
If null, this security realm will have no configured CertPathBuilder
.InvalidAttributeValueException
RealmMBean.getCertPathBuilder()
UserLockoutManagerMBean getUserLockoutManager()
boolean isDeployRoleIgnored()
void setDeployRoleIgnored(boolean ignored) throws InvalidAttributeValueException
ignored
- - the new deploy role ignored valueInvalidAttributeValueException
RealmMBean.isDeployRoleIgnored()
boolean isDeployPolicyIgnored()
void setDeployPolicyIgnored(boolean ignored) throws InvalidAttributeValueException
ignored
- - the new deploy policy ignored valueInvalidAttributeValueException
RealmMBean.isDeployPolicyIgnored()
boolean isDeployCredentialMappingIgnored()
void setDeployCredentialMappingIgnored(boolean ignored) throws InvalidAttributeValueException
ignored
- - the new deploy credential mapping ignored value.InvalidAttributeValueException
RealmMBean.isDeployCredentialMappingIgnored()
boolean isFullyDelegateAuthorization()
If false the containers are free to only call the security framework when security is set in the deployment descriptors.
void setFullyDelegateAuthorization(boolean fullyDelegate) throws InvalidAttributeValueException
fullyDelegate
- - the new fully delegate authorization value.InvalidAttributeValueException
RealmMBean.isFullyDelegateAuthorization()
boolean isValidateDDSecurityData()
Not used in this release.
void setValidateDDSecurityData(boolean validate) throws InvalidAttributeValueException
validate
- - the new validate deployment descriptor security data value.InvalidAttributeValueException
RealmMBean.isValidateDDSecurityData()
String getSecurityDDModel()
Specifies the default security model for Web applications or EJBs that are secured by this security realm. You can override this default during deployment.
Note: If you deploy a module by modifying the domain's config.xml
file
and restarting the server, and if you do not specify a security model value
for the module in config.xml
, the module is secured with the default
value of the AppDeploymentMBean SecurityDDModel
attribute
(see getSecurityDDModel
).
Choose one of these security models:
Deployment Descriptors Only (DDOnly)
Customize Roles Only (CustomRoles)
Customize Roles and Policies (CustomRolesAndPolicies)
Advanced (Advanced)
You configure how this model behaves by setting values for the following options:
When Deploying Web Applications or EJBs
Note: When using the WebLogic Scripting Tool or JMX APIs,
there is no single MBean attribute for this setting. Instead,
you must set the values for the DeployPolicyIgnored
and
DeployRoleIgnored
attributes of RealmMBean
.
Check Roles and Policies (FullyDelegateAuthorization)
Combined Role Mapping Enabled (CombinedRoleMappingEnabled)
You can change the configuration of this model. Any changes immediately apply to all modules that use the Advanced model. For example, you can specify that all modules using this model will copy roles and policies from their deployment descriptors into the appropriate provider databases upon deployment. After you deploy all of your modules, you can change this behavior to ignore roles and policies in deployment descriptors so that when you redeploy modules they will not re-copy roles and policies.
Note: Prior to WebLogic Server version 9.0 the Advanced model was the only security model available. Use this model if you want to continue to secure EJBs and Web Applications as in releases prior to 9.0.
RealmMBean.isDeployPolicyIgnored()
,
RealmMBean.isDeployRoleIgnored()
,
RealmMBean.isFullyDelegateAuthorization()
,
RealmMBean.isCombinedRoleMappingEnabled()
void setSecurityDDModel(String model) throws InvalidAttributeValueException
model
- - the new default security deployment model.InvalidAttributeValueException
RealmMBean.getSecurityDDModel()
boolean isCombinedRoleMappingEnabled()
Determines how the role mappings in the Enterprise Application, Web application, and EJB containers interact. This setting is valid only for Web applications and EJBs that use the Advanced security model and that initialize roles from deployment descriptors.
When enabled:
OR
operator.web.xml
file
specify a role for which no mapping exists in the
weblogic.xml
file, the Web application container
creates an empty map for the undefined role (that is, the role is
explicitly defined as containing no principal). Therefore, no one
can access URL patterns that are secured by such policies.ejb-jar.xml
file
specify a role for which no mapping exists in the
weblogic-ejb-jar.xml
file, the EJB container creates an
empty map for the undefined role (that is, the role is explicitly
defined as containing no principal). Therefore, no one can access
methods that are secured by such policies.When disabled:
<externally-defined>
descriptor element.If one or more policies in the web.xml
file
specify a role for which no role mapping exists in the
weblogic.xml
file, the Web application container
assumes that the undefined role is the name of a principal. It
therefore maps the assumed principal to the role name. For example,
if the web.xml
file contains the following stanza in
one of its policies:
<auth-constraint>
<role-name>PrivilegedUser</role-name>
</auth-constraint>
but, if the weblogic.xml
file has no role mapping for
PrivilegedUser
, then the Web application container
creates an in-memory mapping that is equivalent to the following
stanza:
<security-role-assignment>
<role-name>PrivilegedUser</role-name>
<principal-name>PrivilegedUser</principal-name>
</security-role-assignment>
weblogic-ejb-jar.xml
file. Role mappings defined in the
other containers are not used unless defined by the
<externally-defined>
descriptor element.void setCombinedRoleMappingEnabled(boolean combined) throws InvalidAttributeValueException
If false the containers need enternally defined mappings to use application role mappings.
combined
- - the new combined role mapping value.InvalidAttributeValueException
RealmMBean.isCombinedRoleMappingEnabled()
void validate() throws ErrorCollectionException
ErrorCollectionException
- if this security realm is not valid.
The exception contains a list of ,
one for each reason this security realm is not valid. The text
of each exception describes the problem.
boolean isDefaultRealm()
SecurityConfigurationMBean.getDefaultRealm()
weblogic.management.configuration.SecurityConfigurationMBean.getDefaultRealm
.void setDefaultRealm(boolean isDefault) throws InvalidAttributeValueException
SecurityConfigurationMBean.setDefaultRealm(weblogic.management.security.RealmMBean)
weblogic.management.configuration.SecurityConfigurationMBean.setDefautlRealm
.isDefault
- - whether or not this security realm is the Default realm
for the WebLogic domain.InvalidAttributeValueException
boolean isEnableWebLogicPrincipalValidatorCache()
Returns whether the WebLogic Principal Validator caching is enabled.
The Principal Validator is used by Oracle supplied authentication providers and may be used by custom authentication providers. If enabled, the default principal validator will cache WebLogic Principal signatures.
void setEnableWebLogicPrincipalValidatorCache(boolean enabled) throws InvalidAttributeValueException
enabled
- - the new enable weblogic principal validator cache value.InvalidAttributeValueException
RealmMBean.isEnableWebLogicPrincipalValidatorCache()
Integer getMaxWebLogicPrincipalsInCache()
EnableWebLogicPrincipalValidatorCache
is set
to true
void setMaxWebLogicPrincipalsInCache(Integer size) throws InvalidAttributeValueException
size
- - the new weblogic principals maximum cache sizeInvalidAttributeValueException
RealmMBean.getMaxWebLogicPrincipalsInCache()
String getName()
getName
in interface StandardInterface
boolean isDelegateMBeanAuthorization()
Configures the WebLogic Server MBean servers to use the security realm's Authorization providers to determine whether a JMX client has permission to access an MBean attribute or invoke an MBean operation.
You can continue to use WebLogic Server's default security settings or modify the defaults to suit your needs.
If you do not delegate authorization to the realm's Authorization providers, the WebLogic MBean servers allow access only to the four default security roles (Admin, Deployer, Operator, and Monitor) and only as specified by WebLogic Server's default security settings.
void setDelegateMBeanAuthorization(boolean deleteMBeanAuthorization) throws InvalidAttributeValueException
deleteMBeanAuthorization
- - the new delegate MBean authorization value.InvalidAttributeValueException
RealmMBean.isDelegateMBeanAuthorization()
String getAuthMethods()
void setAuthMethods(String methods)
RDBMSSecurityStoreMBean getRDBMSSecurityStore()
RealmMBean.createRDBMSSecurityStore()
RDBMSSecurityStoreMBean createRDBMSSecurityStore() throws JMException
destroyRDBMSSecurityStore
operation. The new security store MBean
will have this realm as its parent.JMException
- if an error occurs when creating a RDBMS security storeRealmMBean.destroyRDBMSSecurityStore()
RDBMSSecurityStoreMBean createRDBMSSecurityStore(String name) throws JMException
destroyRDBMSSecurityStore
operation. The new security
store MBean will have this realm as its parent.name
- the name of this RDBMS security storeJMException
- if an error occurs when creating a RDBMS security storeRealmMBean.destroyRDBMSSecurityStore()
void destroyRDBMSSecurityStore()
RealmMBean.createRDBMSSecurityStore()
PasswordValidatorMBean createPasswordValidator(String name, String type) throws ClassNotFoundException, JMException
name
- String The name for the given Password Validator provider MBeantype
- String The type of a Password Validator provider, all available types are in method getPasswordValidatorTypes
ClassNotFoundException
JMException
PasswordValidatorMBean createPasswordValidator(String type) throws ClassNotFoundException, JMException
type
- String The type of a Password Validator provider, all available types are in method getPasswordValidatorTypes
ClassNotFoundException
JMException
String[] getPasswordValidatorTypes()
com.bea.security.providers.authentication.passwordvalidator.SystemPasswordValidator
.
Use this method to find the available types to pass to createPasswordValidator
PasswordValidatorMBean[] getPasswordValidators()
void setPasswordValidators(PasswordValidatorMBean[] passwordvalidators) throws InvalidAttributeValueException
passwordvalidators
- - The password validator providers to be set for this security realm.InvalidAttributeValueException
PasswordValidatorMBean lookupPasswordValidator(String name)
name
- String The name of a Password Validator provider MBeanvoid destroyPasswordValidator(PasswordValidatorMBean provider)
provider
- PasswordValidatorMBean The Password Validator provider to removeboolean isDeployableProviderSynchronizationEnabled()
Specifies whether synchronization for deployable Authorization and Role Mapping providers is enabled.
The Authorization and Role Mapping providers may or may not support parallel security policy and role modification, respectively, in the security provider database. If the security providers do not support parallel modification, the WebLogic Security Framework enforces a synchronization mechanism that results in each application and module being placed in a queue and deployed sequentially.
void setDeployableProviderSynchronizationEnabled(boolean enabled) throws InvalidAttributeValueException
enabled
- - the new value indicating whether the synchronization for deployable Authorization and Role Mapping providers is enabledInvalidAttributeValueException
RealmMBean.isDeployableProviderSynchronizationEnabled()
Integer getDeployableProviderSynchronizationTimeout()
DeployableProviderSynchronizationEnabled
is set
to true
void setDeployableProviderSynchronizationTimeout(Integer timeout) throws InvalidAttributeValueException
timeout
- - the new timeout value (in milliseconds)InvalidAttributeValueException
RealmMBean.getDeployableProviderSynchronizationTimeout()
boolean isAutoRestartOnNonDynamicChanges()
Specifies whether the Realm will be auto-restarted if non-dynamic changes are made to the realm or providers within the realm.
void setAutoRestartOnNonDynamicChanges(boolean autorestart)
Sets the value of the AutoRestartOnNonDynamicChanges attribute.
autorestart
- The new AutoRestartOnNonDynamicChanges valueRealmMBean.isAutoRestartOnNonDynamicChanges()
int getRetireTimeoutSeconds()
Specifies the retire timeout for a realm that is restarted. The old realm will be shutdown after the specified timeout period has elapsed.
void setRetireTimeoutSeconds(int timeout)
Sets the value of the RetireTimeoutSeconds attribute.
timeout
- The new Retire Timeout Seconds valueRealmMBean.getRetireTimeoutSeconds()
String getManagementIdentityDomain()
Sets the Management Identity Domain value for the realm.
void setManagementIdentityDomain(String idd)
Sets the value of the Management Identity Domain attribute. Partition administrators with this identity domain can invoke on a subset of management operations for the realm. This allows the Partition Administrator to manage the realm data including users, groups, roles, and policies.
idd
- The new management identity domain valueRealmMBean.getManagementIdentityDomain()