Securing WebLogic Server
Security Configuration MBeans
This section describes MBeans used in configuring the WebLogic Security Framework. Each MBean attribute is marked either dynamic, meaning that the attribute value can be changed without requiring a server restart, or non-dynamic, meaning that if you change the attribute value, you need to restart the server for the change to take effect. Note also that if an edit is made to a non-dynamic attribute, no edits to dynamic attributes will take effect until after restart. This is to assure that a batch of updates having a combination of dynamic and non-dynamic attribute edits will not be partially activated.
Any security MBeans not listed are completely non-dynamic (create or destroy MBean, change any attribute).
For more information about WebLogic Security MBeans, see:
- Managing Security Realms with JMX in Developing Custom Management Utilities with JMX
- Security MBeans in the WebLogic Server MBean Reference
SSLMBean
Creating or destroying this bean is dynamic.
Dynamic attributes:
Enabled, TwoWaySSLEnabled, ClientCertificateEnforced, ListenPort
Ciphersuites, ExportKeyLifespan, SSLRejectionLoggingEnabled, LoginTimeoutMillis
ServerCertificateChainFileName, ServerKeyFileName, ServerCertificateFileName, TrustedCAFileName
ServerPrivateKeyAlias, ServerPrivateKeyPassPhrase
IdentityAndTrustLocations
InboundCertificateValidation, OutboundCertificateValidation
All other attributes are non-dynamic.
ServerMBean
Creating or destroying this bean is dynamic.
Dynamic attributes:
KeyStores
CustomIdentityKeyStoreFileName, CustomIdentityKeyStoreType, CustomIdentityKeyStorePassPhrase
CustomTrustKeyStoreFileName, CustomTrustKeyStoreType, CustomTrustKeyStorePassPhrase
JavaStandardTrustKeyStorePassPhrase
All other attributes are non-dynamic.
EmbeddedLDAPMBean
Credential
All other attributes are non-dynamic
SecurityMBean
ConnectionFilterRules
ConnectionLoggerEnabled
All other attributes are non-dynamic
SecurityConfigurationMBean
Credential
ConnectionFilterRules, ConnectionLoggerEnabled, CompatibilityConnectionFiltersEnabled
NodeManagerUsername, NodeManagerPassword
All other attributes are non-dynamic.
RealmMBean
Creating or destroying this MBean is non-dynamic.
Dynamic attributes:
DeployRoleIgnored, DeployPolicyIgnored, DeployCredentialMappingIgnored
FullyDelegateAuthorization
ValidateDDSecurityData, SecurityDDModel
CombinedRoleMappingEnabled
All other attributes are non-dynamic
WindowsNTAuthenticatorMBean
Creating or destroying this MBean is non-dynamic.
Dynamic attributes:
BadDomainControllerRetryInterval
MapUPNNames, LogonType
MapNTDomainName
All other attributes are non-dynamic.
CustomDBMSAuthenticatorMBean
Creating or destroying this MBean is non-dynamic. The ControlFlag and read-only provider attributes (such as ProviderClassName and Description) are non-dynamic. All other attributes are dynamic.
ReadonlySQLAuthenticatorMBean
Creating or destroying this MBean is non-dynamic.
The ControlFlag and read-only provider attributes (such as ProviderClassName and Description) are non-dynamic. All other attributes are dynamic.
SQLAuthenticatorMBean
Creating or destroying this MBean is non-dynamic.
The ControlFlag and read-only provider attributes (such as ProviderClassName and Description) are non-dynamic. All other attributes are dynamic.
DefaultAuditorMBean
Creating or destroying this MBean is non-dynamic.
Dynamic attributes:
Severity
All other attributes are non-dynamic
Compatibility Security MBeans
All MBeans used for Compatibility security are completely non-dynamic (create or destroy MBean, change any attribute). These MBeans include:
RealmMBean
FileRealmMBean
BasicRealmMBean
CachingRealmMBean
PasswordPolicyMBean
CustomRealmMBean
LDAPRealmMBean
NTRealmMBean
RDBMSRealmMBean
UnixRealmMBean
UserLockoutManagerMBean
This MBean is completely non-dynamic (create or destroy MBean, change any attribute).
Other Security Provider MBeans
All other security MBeans are completely non-dynamic (create or destroy MBean, change any attribute).