Unlock User Accounts
Overview
WebLogic Server defines a set of attributes to protect user accounts from intruders. In the default security configuration, these attributes are set for maximum protection.
As a system administrator, you have the option of turning off all the attributes, increasing the number of login attempts before a user account is locked, increasing the time period in which invalid login attempts are made before locking the user account, and changing the amount of time a user account is locked. Remember that changing the attributes lessens security and leaves user accounts vulnerable to security attacks.
If a user account exceeds the values set for the attributes on this page, the user account becomes locked and the table on the Users page has the word Details in the table row for the user account. If a user account is locked repeatedly, further investigation is required. Repeated login failures could be a sign that a hacker is trying to break into the system. Note that the User Lockout attributes apply to the security realm and all its security providers. If you are using an Authentication provider that has its own mechanism for protecting user accounts, disable the Lockout Enabled attribute.
If a user account becomes locked and you delete the user account and add another user account with the same name and password, the UserLockout attribute will not be reset.
Tasks
Related Topics
Introduction to WebLogic Security
Developing Security Providers for WebLogic Server
Securing a Production Environment
The Security topics in the WebLogic Server 8.1 Upgrade Guide
The Security page in the WebLogic Server documentation
|
|
|