WebLogic Adjudication Provider-->General
Tasks Related Topics Attributes
Overview
Use this page to configure a WebLogic Adjudication provider for a security realm. Note that the WebLogic Server Administration Console refers to the WebLogic Adjudication provider as the Default Adjudicator.
When multiple Authorization providers are configured in a security realm, each may return a different answer to the "is access allowed" question for a given resource. This answer may be PERMIT, DENY, or ABSTAIN. Determining what to do if mulitple Authorization providers do not agree on the answer is the primary function of the Adjudication provider. Adjudication providers resolve authorization conflicts by weighting each Authorization provider's answer and returning a final decision.
By default, the WebLogic Adjudication provider is configured. The WebLogic Adjudication provider behaves as follows:
- If all Authorization providers return PERMIT, then PERMIT.
- If any Authorization providers return DENY, then DENY.
- If some Authorization providers return ABSTAIN and others return PERMIT, then PERMIT if unanimous permit is not required, DENY otherwise.
You can use a custom Adjudication provider instead of the WebLogic Adjudication provider. For a custom Adjudication provider to be available in the WebLogic Server Administration Console, the MBean JAR file for the provider must be in the WL_HOME\lib\mbeantypes directory.
Tasks
Configuring a New Security Realm
Configuring the WebLogic Adjudication Provider
Configuring a Custom Security Provider
Related Topics
Introduction to WebLogic Security
Developing Security Providers for WebLogic Server
Securing a Production Environment
The Security topics in the WebLogic Server 8.1 Upgrade Guide
The Security page in the WebLogic Server documentation
Attributes
|
|
|