PKICredentialMapperMBean

Overview  |   Related MBeans  |   Attributes  |   Operations

Overview

This MBean represents configuration attributes for the PKI credential mapping provider.

Fully Qualified Interface Name If you use the getMBeanInfo operation in MBeanTypeServiceMBean, supply the following value as this MBean's fully qualified interface name:
weblogic.security.providers.credentials.PKICredentialMapperMBean
   
Factory Methods No factory methods. Instances of this MBean are created automatically.

Related MBeans

This section describes attributes that provide access to other MBeans. For more information about the MBean hierarchy, refer to WebLogic Server MBean Data Model.

     

    Realm

    Returns the realm that contains this security provider. Returns null if this security provider is not contained by a realm.

       
    Privileges Read only    
    Type RealmMBean
    Relationship type: Reference.

    Attributes

    This section describes the following attributes:

     

    Description

    Description of the PKI credential mapping provider.

    Description of the PKI credential mapping provider.

       
    Privileges Read only    
    Type java.lang.String
    Default Value PKI credential mapping Provider
    Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

     

    KeyStoreFileName

    Location of the keystore relative to the directory where the server was started.

       
    Privileges Read/Write    
    Type java.lang.String
    Default Value

     

    KeyStorePassPhrase

    The Keystore password.

       
    Privileges Read/Write    
    Type java.lang.String
    Default Value
    Encrypted true

     

    KeyStorePassPhraseEncrypted

       
    Privileges Read/Write    
    Type byte[]
    Encrypted true

     

    KeyStoreProvider

    Represents a provider for the Java Security API that should be used.

       
    Privileges Read/Write    
    Type java.lang.String
    Default Value

     

    KeyStoreType

    The provider will generate a keystore object of this type. Default is JKS.

       
    Privileges Read/Write    
    Type java.lang.String
    Default Value JKS

     

    Name of

       
    Privileges Read only    
    Type java.lang.String
    Default Value PKICredentialMapper
    Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

     

    ProviderClassName

    The name of the Java class that loads the PKI credential mapping provider.

       
    Privileges Read only    
    Type java.lang.String
    Default Value weblogic.security.providers.credentials.PKICredentialMapperProviderImpl
    Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

     

    SupportedExportConstraints

    The credential maps that you want to be exported from this PKI credential mapping provider's database. If no constraints are specified, all are exported.

       
    Privileges Read only    
    Type class java.lang.String[]
    Default Value passwords
    Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

     

    SupportedExportFormats

    The format of the file to export. The list of supported export formats is determined by this PKI credential mapping provider.

       
    Privileges Read only    
    Type class java.lang.String[]
    Default Value PKICreds
    Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

     

    SupportedImportConstraints

    The PKI credential maps that you want to be imported into this credential mapping provider's database. If no constraints are specified, all are imported.

       
    Privileges Read only    
    Type class java.lang.String[]
    Default Value
    Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

     

    SupportedImportFormats

    The format of the file to import. The list of supported import formats is determined by the PKI credential mapping provider from which the credential maps were originally exported.

       
    Privileges Read only    
    Type class java.lang.String[]
    Default Value PKICreds
    Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

     

    UseInitiatorGroupNames

    Whether to enables selection of credential mappings based on the group names of the initiator.

       
    Privileges Read/Write    
    Type boolean
    Default Value true

     

    UseResourceHierarchy

    Whether to enable selection of credential mappings by traversing up the resource hierachy for each type of resource

       
    Privileges Read/Write    
    Type boolean
    Default Value true

     

    Version

    The version of the PKI credential mapping provider.

       
    Privileges Read only    
    Type java.lang.String
    Default Value 1.0
    Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

    Operations

    This section describes the following operations:

     

    advance

    Advances the list to the next element in the list.

    Operation Name "advance"    
    Parameters Object [] {  cursor }

    where:

    • cursor is an object of type java.lang.String that specifies:

      - The cursor returned from a previous list method.

    Signature String [] { "java.lang.String" }
    Returns void
    Exceptions

    • weblogic.management.utils.InvalidCursorException

     

    close

    Indicates that the caller is finished using the list, and that the resources held on behalf of the list may be released. If the caller traverses through all the elements in the list, the caller need not call this method. In other words, it is used to let the caller close the list without reading each element that is returned.

    Operation Name "close"    
    Parameters Object [] {  cursor }

    where:

    • cursor is an object of type java.lang.String that specifies:

      - The cursor returned from a previous list method.

    Signature String [] { "java.lang.String" }
    Returns void
    Exceptions

    • weblogic.management.utils.InvalidCursorException

     

    exportData

    Exports provider specific data in a specified format. When errors occur, the MBean throws an ErrorCollectionException containing a list of java.lang.Exceptions, where the text of each exception describes the error.

    Operation Name "exportData"    
    Parameters Object [] {  formatfilenameconstraints }

    where:

    • format is an object of type java.lang.String that specifies:

      - The format for exporting provider specific data.

    • filename is an object of type java.lang.String that specifies:

      - The full path to the filename used to write data.

    • constraints is an object of type java.util.Properties that specifies:

      - The constraints to be used when exporting data. A null value indicates that all data will be exported.

    Signature String [] { "java.lang.String", "java.lang.String", "java.util.Properties" }
    Returns void
    Exceptions

    • weblogic.management.utils.InvalidParameterException

    • weblogic.management.utils.ErrorCollectionException

     

    getCertificate

    For a certificate entry this method will return the certificate corresponding to the alias. For a keyentry it will return the first Certificate entry in a CertificateChain.

    Operation Name "getCertificate"    
    Parameters Object [] {  keystoreAlias }

    where:

    • keystoreAlias is an object of type java.lang.String that specifies:

      - The keystore alias.

    Signature String [] { "java.lang.String" }
    Returns Certificate
    Exceptions

    • weblogic.management.utils.NotFoundException

     

    getCurrentCredAction

    Gets an credential action from a list that has been returned from the listMappings or the listMappingsByPattern() method. This method returns the credential action that corresponds to current location in the list.

    Operation Name "getCurrentCredAction"    
    Parameters Object [] {  cursor }

    where:

    • cursor is an object of type java.lang.String that specifies:

      - The cursor that has been returned from the listMappings method or the listMappingsByPattern.

    Signature String [] { "java.lang.String" }
    Returns String
    Exceptions

    • weblogic.management.utils.InvalidCursorException

     

    getCurrentCredential

    Gets the keystore alias from a credentials map that has been returned from the listMappings or the listMappingsByPattern() method. This method returns the keystore alias that corresponds to current location in the list.

    Operation Name "getCurrentCredential"    
    Parameters Object [] {  cursor }

    where:

    • cursor is an object of type java.lang.String that specifies:

      - The cursor that has been returned from the listMappings or the listMappingsByPattern method.

    Signature String [] { "java.lang.String" }
    Returns String
    Exceptions

    • weblogic.management.utils.InvalidCursorException

     

    getCurrentInitiatorName

    Gets an username from a list that has been returned from the listMappings or the listMappingsByPattern() method. This method returns the username that corresponds to current location in the list.

    Operation Name "getCurrentInitiatorName"    
    Parameters Object [] {  cursor }

    where:

    • cursor is an object of type java.lang.String that specifies:

      - The cursor that has been returned from the listMappings method or the listMappingsByPattern.

    Signature String [] { "java.lang.String" }
    Returns String
    Exceptions

    • weblogic.management.utils.InvalidCursorException

     

    getCurrentResourceId

    Gets the current resource id from a list that has been returned from the and listMappingsByPattern() method. This method returns the resource id that corresponds to current location in the list.

    Operation Name "getCurrentResourceId"    
    Parameters Object [] {  cursor }

    where:

    • cursor is an object of type java.lang.String that specifies:

      - The cursor that has been returned from the listMappingsByPattern method.

    Signature String [] { "java.lang.String" }
    Returns String
    Exceptions

    • weblogic.management.utils.InvalidCursorException

     

    getKeystoreAlias

    Gets the keystore alias that is mapped to a username for a particular resource and credential action.

    Operation Name "getKeystoreAlias"    
    Parameters Object [] {  resourceIduserNameisInitiatorUserNamecredActioncredType }

    where:

    • resourceId is an object of type java.lang.String that specifies:

      - The resource id that is used to map user names to keystore alias and password. A resource object such as weblogic.security.service.ResourceManager assigns IDs to external sources.

    • userName is an object of type java.lang.String that specifies:

      - The username that is mapped to the alias and password.

    • isInitiatorUserName is an object of type java.lang.Boolean that specifies:

      - Set true if the initiator name passed in is the username. False otherwise.

    • credAction is an object of type java.lang.String that specifies:

      - The credential action for which the mapping is created for.

    • credType is an object of type java.lang.String that specifies:

      - The credential type.

    Signature String [] { "java.lang.String", "java.lang.String", "java.lang.Boolean", "java.lang.String", "java.lang.String" }
    Returns String
    Exceptions

    • weblogic.management.utils.NotFoundException
      NotFoundException - This exception is thrown if the keystore alias is not found.

     

    haveCurrent

    Returns true if there are more objects in the list, and false otherwise.

    Operation Name "haveCurrent"    
    Parameters Object [] {  cursor }

    where:

    • cursor is an object of type java.lang.String that specifies:

      - The cursor returned from a previous list method.

    Signature String [] { "java.lang.String" }
    Returns boolean
    Exceptions

    • weblogic.management.utils.InvalidCursorException

     

    importData

    Imports provider specific data from a specified format. When errors occur, the MBean throws an ErrorCollectionException containing a list of java.lang.Exceptions, where the text of each exception describes the error.

    Operation Name "importData"    
    Parameters Object [] {  formatfilenameconstraints }

    where:

    • format is an object of type java.lang.String that specifies:

      - The format for importing provider specific data.

    • filename is an object of type java.lang.String that specifies:

      - The full path to the filename used to read data.

    • constraints is an object of type java.util.Properties that specifies:

      - The constraints to be used when importing data. A null value indicates that all data will be imported.

    Signature String [] { "java.lang.String", "java.lang.String", "java.util.Properties" }
    Returns void
    Exceptions

    • weblogic.management.utils.InvalidParameterException

    • weblogic.management.utils.ErrorCollectionException

     

    isInitiatorUserName

    Returns whether the initiator name from a list that has been returned from the listMappings or the listMappingsByPattern()method is a user name or a group name. Method returns true if the username returned by the getCurrentInitiatorName is a user name. If the initiator name returned is a Group name this method returns false.

    Operation Name "isInitiatorUserName"    
    Parameters Object [] {  cursor }

    where:

    • cursor is an object of type java.lang.String that specifies:

      - The cursor that has been returned from the listMappings method or the listMappingsByPattern.

    Signature String [] { "java.lang.String" }
    Returns boolean
    Exceptions

    • weblogic.management.utils.InvalidCursorException

     

    isSet

    Returns true if the specified attribute has been set explicitly in this MBean instance.

    Operation Name "isSet"    
    Parameters Object [] {  propertyName }

    where:

    • propertyName is an object of type java.lang.String that specifies:

      property to check

    Signature String [] { "java.lang.String" }
    Returns boolean
    Exceptions

    • java.lang.IllegalArgumentException

     

    listAllCertEntryAliases

    Returns a list of all the public certificate aliases currently configured in the keystore. Console can call this method to display a list of all possible certificate aliases.

    Operation Name "listAllCertEntryAliases"    
    Parameters null
    Signature null
    Returns class
    Exceptions

    • weblogic.management.utils.NotFoundException

     

    listAllKeypairEntryAliases

    Returns a list of all the key pair aliases that currently configured in the keystore. Console can call this method to display a list of all possible keypair aliases.

    Operation Name "listAllKeypairEntryAliases"    
    Parameters null
    Signature null
    Returns class
    Exceptions

    • weblogic.management.utils.NotFoundException

     

    listMappings

    Gets a list of usernames, credential actions, keystore aliases and their passwords. Returns a cursor as a string. Use the getCurrentUserName(),getCurrentCredential(), getCurrentCredAction() methods to get the username, keystore alias and credential action for the current item in the list.

    Operation Name "listMappings"    
    Parameters Object [] {  resourceId,  }

    where:

    • resourceId is an object of type java.lang.String that specifies:

      - the resource id that the credential mappings are created for. A resource object such as weblogic.security.service.ResourceManager assigns IDs to external sources.

    Signature String [] { "java.lang.String", "java.lang.String" }
    Returns String

     

    listMappingsByPattern

    Gets a list of all the configured credential mappings. Returns a cursor as a string. Use the getCurrentUserName(), getCurrentCredAction(), getCurrentResourceId(), getCurrentCredential() methods to get the username, credential action, resource id and keystore alias for the current item in the list.

    Operation Name "listMappingsByPattern"    
    Parameters Object [] {  resourceIdPatternmaxToReturncredType }

    where:

    • resourceIdPattern is an object of type java.lang.String that specifies:

      - the resource id pattern to filter the records to be returned. If you pass null or * the method will not filter and return all records.

    • maxToReturn is an object of type java.lang.Integer that specifies:

      - The maximum number of records to return

    • credType is an object of type java.lang.String that specifies:

      - The credential type

    Signature String [] { "java.lang.String", "java.lang.Integer", "java.lang.String" }
    Returns String

     

    removePKICredentialMapping

    Removes the mapping between the principalName, resourceid and credential action to the keystore alias.

    Operation Name "removePKICredentialMapping"    
    Parameters Object [] {  resourceIdprincipalNameisInitiatorUserNamecredActioncredType }

    where:

    • resourceId is an object of type java.lang.String that specifies:

      - The resource for which the user name is mapped to the keystore alias and password.

    • principalName is an object of type java.lang.String that specifies:

      - The principalName used in the credential mapping.

    • isInitiatorUserName is an object of type java.lang.Boolean that specifies:

      - True if the initiator name is a user name. False if it is a group.

    • credAction is an object of type java.lang.String that specifies:

      - The credential action.

    • credType is an object of type java.lang.String that specifies:

      - The credential type.

    Signature String [] { "java.lang.String", "java.lang.String", "java.lang.Boolean", "java.lang.String", "java.lang.String" }
    Returns void
    Exceptions

    • weblogic.management.utils.NotFoundException

     

    setCertificateCredential

    Creates a public certificate mapping between the principalName, resourceid and credential action to the keystore alias.

    Operation Name "setCertificateCredential"    
    Parameters Object [] {  resourceIdprincipalNameisInitiatorUserNamecredActionkeystoreAlias }

    where:

    • resourceId is an object of type java.lang.String that specifies:

      - The resource for which the user name is mapped to the keystore alias.

    • principalName is an object of type java.lang.String that specifies:

      - The principalName used in the credential mapping.

    • isInitiatorUserName is an object of type java.lang.Boolean that specifies:

      - True if the initiator name is a user name. False if it is a group.

    • credAction is an object of type java.lang.String that specifies:

      - The credential action.

    • keystoreAlias is an object of type java.lang.String that specifies:

      - The keystore alias.

    Signature String [] { "java.lang.String", "java.lang.String", "java.lang.Boolean", "java.lang.String", "java.lang.String" }
    Returns void
    Exceptions

    • weblogic.management.utils.CreateException
      CreateException - Exception thrown if the keystore alias does not point to a certificate entry.

     

    setKeypairCredential

    Creates a keypair mapping between the principalName, resourceid and credential action to the keystore alias and the corresponding password.

    Operation Name "setKeypairCredential"    
    Parameters Object [] {  resourceIdprincipalNameisInitiatorUserNamecredActionkeystoreAliaspassword }

    where:

    • resourceId is an object of type java.lang.String that specifies:

      - The resource for which the user name is mapped to the keystore alias and password.

    • principalName is an object of type java.lang.String that specifies:

      - The principalName used in the credential mapping.

    • isInitiatorUserName is an object of type java.lang.Boolean that specifies:

      - True if the initiator name is a user name. False if it is a group.

    • credAction is an object of type java.lang.String that specifies:

      - The credential action.

    • keystoreAlias is an object of type java.lang.String that specifies:

      - The keystore alias.

    • password is an object of type [C that specifies:

      - The password for the keystore entry.

    Signature String [] { "java.lang.String", "java.lang.String", "java.lang.Boolean", "java.lang.String", "java.lang.String", "[C" }
    Returns void
    Exceptions

    • weblogic.management.utils.CreateException
      CreateException - Exception thrown if the keystore alias does not point to a keypair entry or if the password supplied here is not correct.

     

    unSet

    Restore the given property to its default value.

    Operation Name "unSet"    
    Parameters Object [] {  propertyName }

    where:

    • propertyName is an object of type java.lang.String that specifies:

      property to restore

    Signature String [] { "java.lang.String" }
    Returns void
    Exceptions

    • java.lang.IllegalArgumentException
      UnsupportedOperationException if called on a runtime implementation.

     

    wls_getDisplayName

    Operation Name "wls_getDisplayName"    
    Parameters null
    Signature null
    Returns String